Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » IBM alphaWorks TFTP Directory Traversal Vulnerability

IBM alphaWorks TFTP Directory Traversal Vulnerability

by phiber on July 22nd, 2001 Remote attackers may use directory traversals to access arbitrary files(which are readable by the TFTP server), via a crafted get request to the host.


Sensitive information contained in system files may be disclosed to remote attackers as a result of this vulnerability.


Description

IBM alphaWorks TFTP is a Java server that implements that Trivial File Transfer Protocol for AIX, OS/2 and Microsoft Windows 9x/NT systems. TFTP clients may access the server remotely.


Exploit:

This issue may be exploited by making a malicious file request to a vulnerable host which contains '../' sequences.


Solution:

Currently there are no patches or workarounds, but be sure to take a look at the venodors website.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »