Distinct TFTP Server Directory Traversal Vulnerability Network Vulnerability

Summary

This host is running Distinct TFTP Server and is prone to directory traversal vulnerability.

Impact

Successful exploitation allows an attacker to obtain sensitive information and launch further attacks. Impact Level: Application

Solution

Upgrade to Distinct TFTP Server version 3.11 or later. For updates refer to http://www.distinct.com

Insight

The flaw is caused due an input validation error within the TFTP service and can be exploited to download or manipulate files in arbitrary locations outside the TFTP root via specially crafted directory traversal sequences.

Affected

Distinct TFTP Server version 3.01 and prior

References

http://osvdb.org/80984
http://www.exploit-db.com/exploits/18718
http://www.securityfocus.com/bid/52938
http://www.spentera.com/advisories/2012/SPN-01-2012.pdf

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Mailman private.py Directory Traversal Vulnerability
Samba Format String Vulnerability
AT TFTP Server Directory Traversal Vulnerability
McAfee myCIO Directory Traversal
Simple PHP Blog dir traversal

Take action and discover your vulnerabilities