| |||||||||||||
| Test ID: | 1.3.6.1.4.1.25623.1.0.900358 |
| Category: | Denial of Service |
| Title: | NetDecision TFTP Server Multiple Directory Traversal Vulnerabilities |
| Summary: | Check for the version of NetDecision TFTP Server |
| Description: | Overview: This host is running NetDecision TFTP Server and is prone to multiple directory traversal vulnerabilities. Vulnerability Insight: Due to an input validation error within the TFTP server which in fails to sanitize user-supplied input in GET or PUT command via ../ (dot dot) sequences. Impact: Successful exploitation will allow attackers to disclose sensitive information,upload or download files to and from arbitrary locations. and compromise a vulnerable system to legitimate users. Affected Software/OS: NetMechanica, NetDecision TFTP Server version 4.2 and prior Fix: No solution or patch is available as of 29th May, 2009. Information regarding this issue will updated once the solution details are available. For updates refer to http://www.netmechanica.com References: http://secunia.com/advisories/35131 http://xforce.iss.net/xforce/xfdb/50574 http://www.securityfocus.com/archive/1/503605 |
| Cross-Ref: |
BugTraq ID: 35002 Common Vulnerability Exposure (CVE) ID: CVE-2009-1730 http://www.princeofnigeria.org/blogs/index.php/2009/05/17/netdecision-tftp-server-4-2-tftp-directo?blog=1 http://www.securityfocus.com/bid/35002 http://secunia.com/advisories/35131 XForce ISS Database: netdecision-tftp-dir-traversal(50574) http://xforce.iss.net/xforce/xfdb/50574 |
| Copyright | Copyright (C) 2009 SecPod |
| This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |
|
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois
© 1998-2013 E-Soft Inc. All rights reserved.