Open Source and information security mailing list archives
Date: 3 Mar 2008 14:18:45 -0000
From: vulnerabilityresearch@...italdefense.net
To: bugtraq@...urityfocus.com
Subject: DDIVRT-2008-10 PacketTrap TFTP Directory Traversal Vulnerability

Title
-----
DDIVRT-2008-10 PacketTrap PT360 Tool Suite TFTP Arbitrary File Access

Severity
--------
High

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: princeofnigeria and r@...$

Date Discovered
---------------
1/29/2008

Vulnerability Description
-------------------------
DDI VRT staff notified PacketTrap Networks, Inc. on February 7, 2008 of a flaw within the PacketTrap PT360 suite. Specifically, the TFTP server component in the default installation of the PacketTrap PT360 Tool Suite Version 1.1.33.1.0 is susceptible to a directory traversal attack. A remote or local attacker can exploit this flaw to retrieve arbitrary files outside of the TFTP server root directory. This vulnerability also allows a remote attacker to overwrite and modify system files, which could facilitate a full system compromise.

Solution Description
--------------------
PacketTrap Networks, Inc. released a patch (#3302) for this flaw on February 29, 2008.

Tested Systems / Software (with versions)
------------------------------------------
Windows XP Professional Service Pack 2, PacketTrap PT360 Tool Suite Version 1.1.33.1.0. Other versions may be vulnerable.

Vendor Contact
--------------
Name: PacketTrap Networks, Inc.
Website: http://www.packettrap.com/
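
The advisory gives no implementation details. As an added example (not code from the advisory or from PacketTrap), the following shows the kind of check a TFTP server needs so that the filename in a read or write request cannot resolve outside the server root. The root path, the sample packets and all function names are assumptions made for illustration; Windows path rules are used because the tested system is Windows.

```python
import ntpath
import struct

OP_RRQ, OP_WRQ = 1, 2  # RFC 1350 opcodes: read request, write request

class TftpRequestError(ValueError):
    """Malformed request, or a filename that resolves outside the root."""

def parse_request(packet: bytes):
    """Split an RRQ/WRQ packet (opcode, filename NUL, mode NUL) into fields."""
    if len(packet) < 4:
        raise TftpRequestError("short packet")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode not in (OP_RRQ, OP_WRQ):
        raise TftpRequestError("not a read or write request")
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3 or not fields[0] or not fields[1]:
        raise TftpRequestError("missing filename or mode")
    try:
        return opcode, fields[0].decode("ascii"), fields[1].decode("ascii").lower()
    except UnicodeDecodeError as exc:
        raise TftpRequestError("non-ASCII filename or mode") from exc

def confine(root: str, requested: str) -> str:
    """Map a requested name to a path under root, or raise TftpRequestError."""
    name = requested.replace("/", "\\")  # Windows accepts both separators
    # Refuse drive letters, stream names, rooted and UNC paths outright.
    if ":" in name or name.startswith("\\"):
        raise TftpRequestError("absolute or drive-qualified path")
    root_abs = ntpath.normpath(root)
    # normpath collapses "." and ".." lexically, so the comparison below
    # sees where the request really points.
    candidate = ntpath.normpath(ntpath.join(root_abs, name))
    inside = ntpath.commonpath([root_abs, candidate]) == root_abs
    if not inside or candidate.lower() == root_abs.lower():
        raise TftpRequestError("path escapes the TFTP root")
    return candidate

def resolve_request(root: str, packet: bytes):
    """Return (opcode, confined_path); the same check covers RRQ and WRQ."""
    opcode, filename, _mode = parse_request(packet)
    return opcode, confine(root, filename)

# Constructed sample input: a hypothetical root and two request packets.
SAMPLE_ROOT = r"C:\TFTP-Root"
GOOD_RRQ = b"\x00\x01configs/sw1.cfg\x00octet\x00"
BAD_WRQ = b"\x00\x02..\\..\\outside.txt\x00octet\x00"
```

The check is purely lexical. A server whose root can contain symbolic links or junctions would also compare the fully resolved path before opening the file.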
