TFTP File Access
Updated 11/1/02
CAN 1999-0616
Summary
This vulnerability allows for file access via the
TFTP service.
Impact
Using this vulnerability, malicious users can gain
unauthorized remote access to system or user files.
Background
The TFTP (trivial file transfer protocol) service provides remote
access to files, without asking for a password. It is typically used
for the initialization of diskless computers, of X terminals, or of
other dedicated hardware.
The Problem
When the TFTP daemon does not limit access to specific files or hosts,
a remote intruder can use the service to obtain copies of the password
file or of other system or user files, or to remotely overwrite files.
11/1/02
Additionally, some TFTP servers which do appropriately limit
access to certain files or directories can still be exploited
using a directory traversal (../) attack. SolarWinds
TFTP Server prior to 5.0.60 is affected by this vulnerability.
Resolution
Restrict TFTP access to only limited subtree of the
file system. Consult your tftpd manual pages for details. Also,
when no access restriction is possible, restrict TFTP
access by using a TCP wrapper.
Where can I read more about this?
See the
Admin Guide to Cracking for an example of why this vulnerability
is a problem.
For additional information, refer to
CIAC
Bulletin B-44.
The SolarWinds TFTP Server vulnerability was reported in
IDefense Security Advisory 10.24.02.