[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: DDIVRT-2008-10 PacketTrap TFTP Directory Traversal Vulnerability
From: vulnerabilityresearch () digitaldefense ! net
Date: 2008-03-03 14:18:45
Message-ID: 20080303141845.4213.qmail () securityfocus ! com
[Download RAW message or body]
Title
-----
DDIVRT-2008-10 PacketTrap PT360 Tool Suite TFTP Arbitrary File Access
Severity
--------
High
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: princeofnigeria and r@b13$
Date Discovered
---------------
1/29/2008
Vulnerability Description
-------------------------
DDI VRT staff notified PacketTrap Networks, Inc. on February 7, 2008 of a flaw within \
the PacketTrap PT360 suite. Specifically, the default installation of the PacketTrap \
PT360 Tool Suite Version 1.1.33.1.0 TFTP server component is susceptible to directory \
traversal attack. A remote or local attacker can exploit this flaw to retrieve \
arbitrary files outside of the TFTP server root directory. This vulnerability also \
allows a remote attacker to overwrite and modify system files which could facilitate \
a full system compromise.
Solution Description
--------------------
PacketTrap Networks, Inc. released a patch (#3302) for this flaw on February 29, \
2008.
Tested Systems / Software (with versions)
------------------------------------------
Windows XP Professional Service Pack 2, PacketTrap PT360 Tool Suite Version \
1.1.33.1.0. Other versions may be vulnerable.
Vendor Contact
--------------
Name: PacketTrap Networks, Inc.
Website: http://www.packettrap.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic