Cisco IOS TFTP Server

Created 8/8/02
CVE 2002-0813

Impact

A remote attacker could cause a denial of service by rebooting the router.

Background

Trivial File Transfer Protocol (TFTP) is a protocol that allows easy transfer of files between network-connected devices.

The Problem

CVE 2002-0813
Cisco IOS provides TFTP server functionality to facilitate the transfer of Cisco IOS images when another TFTP server may not be available. A vulnerability has been discovered in the processing of filenames within a TFTP read request when Cisco IOS is configured to act as a TFTP server. This vulnerability affects IOS versions 11.1, 11.2 and 11.3, but does NOT affect those operating systems when running on a 68040-based architecture such as a Route Processor.

Resolution

The affected IOS releases, 11.1, 11.2, and 11.3, are all at End of Life, which means they do not have a maintenance version scheduled and will not be fixed. There are two simple workarounds: disable the TFTP server if it is not needed, or provide TFTP file name aliases. The Cisco advisory describes the procedures to implement these workarounds. Users with a service contract may obtain upgraded software through the Software Center on Cisco's World Wide Web site at http://www.cisco.com.
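
To check which of the two workarounds is in place across a set of saved router configurations, the following added example (not part of the original advisory or of Cisco's procedures) classifies each running-config. It assumes the standard IOS "version" line and "tftp-server <source> <filename> [alias <name>]" syntax; the sample configurations, hostnames and image names are constructed.

```python
import re

# Releases named in this advisory. The 68040-based exemption cannot be
# seen in a running-config, so affected releases are always reported.
AFFECTED_RELEASES = ("11.1", "11.2", "11.3")

def audit_ios_config(config_text):
    """Classify one saved IOS running-config against this advisory."""
    version = None
    without_alias, with_alias = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"version\s+(\d+\.\d+)", line)
        if m:
            version = m.group(1)
        elif line.startswith("tftp-server "):
            # Assumed syntax: tftp-server <source> <filename> [alias <name>]
            if re.search(r"\salias\s+\S+", line):
                with_alias.append(line)
            else:
                without_alias.append(line)
    if version is None:
        status = "unknown-release"
    elif version not in AFFECTED_RELEASES:
        status = "release-not-listed"
    elif not (with_alias or without_alias):
        status = "tftp-server-disabled"      # first workaround
    elif without_alias:
        status = "review-needed"             # file served with no alias
    else:
        status = "alias-workaround-present"  # second workaround
    return {"version": version, "status": status, "no_alias": without_alias}

# Constructed sample configs (not taken from any real device).
SAMPLES = {
    "edge-a": "version 11.2\nhostname edge-a\ntftp-server flash c2500-sample.bin\n",
    "edge-b": "version 11.3\nhostname edge-b\ntftp-server flash c2500-sample.bin alias ios\n",
    "edge-c": "version 11.1\nhostname edge-c\n",
    "core-d": "version 12.0\nhostname core-d\ntftp-server flash c3600-sample.bin\n",
}

def audit_all(samples=SAMPLES):
    """Return {device name: status} for every sample config."""
    return {name: audit_ios_config(text)["status"] for name, text in samples.items()}

if __name__ == "__main__":
    for name, status in audit_all().items():
        print(f"{name}: {status}")
```

Devices reported as "review-needed" are the ones to take to the Cisco advisory's workaround procedures.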

Where can I read more about this?

For more information, see the Cisco advisory or the Neohapsis advisory. This vulnerability was announced on the Bugtraq mailing list.