Windows_Tftp_Utility TFTPUtil GUI TFTP GET请求目录遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1183927 漏洞类型 路径遍历
发布时间 2009-01-27 更新时间 2009-01-27
CVE编号 CVE-2009-0288 CNNVD-ID CNNVD-200901-367
漏洞平台 N/A CVSS评分 5.0
|漏洞来源
https://cxsecurity.com/issue/WLB-2009010227
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200901-367
|漏洞详情
k23productionsTFTPUtilGUI1.2.0和1.3.0版本中存在目录遍历漏洞。远程攻击者可以借助一个GET请求中的目录遍历序列,读取TFTP根目录外的任意文件。
|漏洞EXP
Title: TFTPUtil GUI TFTP Directory Traversal
Product: TFTPUtil GUI

Discovered: November 26, 2008
Discovered by: Rob Kraus, princeofnigeria (PoN)

Vendor: k23productions
Vendor URL: http://sourceforge.net/projects/tftputil
Vendor notification date: December 1, 2008
Vendor response date: December 8, 2008
Vendor acknowledgement: December 8, 2008
Vendor provided fix: December 8, 2008
Release coordinated with the vendor: --
Public disclosure date: January 14, 2009

Affects: TFTPUtil GUI versions 1.2.0 and 1.3.0
Fixed in: 1.4.0
Risk: Medium

Vulnerability Description: TFTPUtil GUI versions 1.2.0 and 1.3.0 are prone to a directory-traversal vulnerability because it fails to sanitize TFTP GET requests. By using a specially crafted TFTP GET request an attacker is capable of retrieving files outside of the TFTP root directory.

Impact: The ability to obtain files outside of the TFTP root directory may allow an attacker to obtain more information about the underlying operating system and applications running on the host.

Keywords: security, vulnerability, tftp, directory traversal, princeofnigeria, gui, windows, server

[--Background--]

Type of vulnerability: Input validation flaw
Who can exploit it: Local and remote users

TFTPUtil GUI is an application that provides services for transferring configuration files, firmware files and other types of data using the TFTP protocol. The application should restrict GET requests to the contents of the TFTP root directory to prevent obtaining data from other parts of the host operating system.

Vulnerability Scope: The default installation of TFTPUtil 1.20. or 1.3.0 will allow exploitation of this vulnerability.

[--More Details--]

Exploitation of this flaw is trivial and can be executed using any RFC 1350 compliant TFTP client software. No exploit code is required.

[--Fix or Workaround Information--]

Patch availability: 1.4.0
Vendor provided fix: 1.4.0
Workarounds: Update to 1.4.0

[--Disclosure Policy--]

PrinceofNigeria.org Vulnerability Disclosure Policy
http://www.princeofnigeria.org/blogs/index.php/vulndev/vulnreleasepolicy
/?blog=1

[--Disclosure History--]

Public disclosure date: January 14, 2009

[--References--]
CVE-ID:
Bugtraq ID:
Secunia ID:
OSVDB ID:

[--Author--]
Rob Kraus, princeofnigeria (PoN)
Website: www.princeofnigeria.org/blogs
|参考资料

来源:BID
名称:33287
链接:http://www.securityfocus.com/bid/33287
来源:sourceforge.net
链接:http://sourceforge.net/forum/forum.php?forum_id=894598
来源:XF
名称:tftputil-tftpget-directory-traversal(48019)
链接:http://xforce.iss.net/xforce/xfdb/48019
来源:BUGTRAQ
名称:20090115TFTPUtilGUITFTPDirectoryTraversal
链接:http://www.securityfocus.com/archive/1/archive/1/500106/100/0/threaded
来源:MISC
链接:http://www.princeofnigeria.org/blogs/index.php/2009/01/14/tftputil-gui-tftp-directory-traversal
来源:SECUNIA
名称:33561
链接:http://secunia.com/advisories/33561