Summary
This host is running NetDecision TFTP Server and is prone to multiple directory traversal vulnerabilities.
Impact
Successful exploitation will allow attackers to disclose sensitive information, upload or download files to and from arbitrary locations, and compromise a vulnerable system.
Solution
No solution or patch was made available for at least one year after the disclosure of this vulnerability. It is likely that none will be provided.
General solution options are to upgrade to a newer release, disable the respective features, remove the product, or replace the product with another one.
Insight
The flaw is due to an input validation error within the TFTP server, which fails to sanitize user-supplied input in GET or PUT commands containing ../ (dot dot) sequences.
Affected
NetMechanica, NetDecision TFTP Server version 4.2 and prior
Severity
Classification
- CVE: CVE-2009-1730
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Freeciv Multiple Remote Denial Of Service Vulnerabilities
- Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Mac OS X)
- Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Linux)
- CA kmxfw.sys Code Execution and DoS Vulnerabilities
- BulletProof FTP Client '.bps' File Buffer Overflow Vulnerability