TFTP Traversal Arbitrary File Access

medium Nessus Plugin ID 18262

Synopsis

The remote TFTP server can be used to read arbitrary files on the remote host.

Description

The TFTP (Trivial File Transfer Protocol) server running on the remote host is vulnerable to a directory traversal attack that allows an attacker to read arbitrary files on the remote host by prepending their names with directory traversal sequences.

Solution

Disable the remote TFTP daemon, run it in a chrooted environment, or filter incoming traffic to this port.

Plugin Details

Severity: Medium

ID: 18262

File Name: tftpd_dir_trav.nasl

Version: 1.56

Type: remote

Family: Misc.

Published: 5/16/2005

Updated: 8/15/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-1999-0498

Vulnerability Information

Required KB Items: Services/udp/tftp

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 4/19/1986

Exploitable With

CANVAS (D2ExploitPack)

Metasploit (Distinct TFTP 3.10 Writable Directory Traversal Execution)

Reference Information

CVE: CVE-1999-0183, CVE-1999-0498, CVE-2002-2353, CVE-2009-0271, CVE-2009-0288, CVE-2009-1161

BID: 6198, 11582, 11584, 33287, 33344, 35040, 42907, 48272, 50441, 52938

CWE: 22, 264