PacketTrap pt360 TFTP Server < 1.0.3302.0 Multiple Vulnerabilities

Severity: High | Nessus Plugin ID: 31467

Synopsis

The remote TFTP server is affected by multiple flaws.

Description

PacketTrap pt360 Tool Suite is installed on the remote system. It is a single reporting solution that integrates various free network management tools provided by PacketTrap Networks.

The tool suite includes a TFTP server component that is susceptible to directory traversal and denial-of-service attacks. By sending a specially crafted string, an attacker may be able to crash the affected service, or read or write arbitrary files on the remote system, subject to the privileges of the user under which the TFTP server runs.

If the TFTP server is run by a user with Administrator privileges, successful exploitation of the issue may lead to a complete system compromise.

Solution

Upgrade to PacketTrap pt360 Tool Suite version 1.0.3302.0 or later.

See Also

https://seclists.org/bugtraq/2008/Mar/17

https://seclists.org/bugtraq/2008/Mar/22

http://www.emediawire.com/releases/2008/2/prweb731563.htm

Plugin Details

Severity: High

ID: 31467

File Name: packetrap_tftpd_dir_traversal.nasl

Version: 1.19

Type: local

Agent: windows

Family: Windows

Published: 3/13/2008

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2008-1310, CVE-2008-1311, CVE-2008-1312

BID: 28078, 28079, 28187

CWE: 20, 22

Secunia: 29207