CVE-2002-1209
CVSS 5.0
Published: 2002-11-04 00:00:00
Last revised: 2008-09-10 15:14:03

[Original] Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request.


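[CNNVD] SolarWinds TFTP Server directory traversal vulnerability (CNNVD-200211-009)

        
        The SolarWinds TFTP server can send and receive multiple files concurrently and is commonly used to download and upload executable images and configuration files for routers, switches and similar devices.
        The SolarWinds TFTP server does not filter user-submitted requests, so a remote attacker can exploit this vulnerability to view the contents of arbitrary files on the system with the privileges of the TFTP process.
        The SolarWinds TFTP server does not correctly handle the '..\' sequence; an attacker can submit GET requests containing multiple '..\' sequences to traverse the system's directories and view the contents of arbitrary files with the privileges of the TFTP process.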
        

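- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]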

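- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links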

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1209
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1209
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200211-009
(Official data source) CNNVD

- Other links and resources

http://www.idefense.com/advisory/10.24.02.txt
(VENDOR_ADVISORY)  MISC  http://www.idefense.com/advisory/10.24.02.txt
http://xforce.iss.net/xforce/xfdb/10469
(VENDOR_ADVISORY)  XF  tftp-dot-directory-traversal(10469)
http://www.securityfocus.com/bid/6045
(UNKNOWN)  BID  6045
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0044.html
(UNKNOWN)  VULNWATCH  20021024 iDEFENSE Security Advisory 10.24.02: Directory Traversal in SolarWinds TFTP Server

- Vulnerability information

SolarWinds TFTP Server directory traversal vulnerability
Medium severity  Input validation
2002-11-04 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and patches

        Vendor patch:
        SolarWinds
        ----------
        SolarWinds TFTP Server v5.0.60 and later versions are not affected by this vulnerability; download from the vendor's home page:
        
        http://www.solarwinds.net/Tools/Free_tools/TFTP_Server/

- Vulnerability information (21964)

SolarWinds TFTP Server Standard Edition 5.0.55 Directory Traversal Vulnerability (EDBID:21964)
windows remote
2002-10-25 Verified
0 Matthew Murphy
source: http://www.securityfocus.com/bid/6045/info

SolarWinds TFTP Server is distributed for the Microsoft Windows platform.

The SolarWinds TFTP Server does not properly handle user-supplied input. Due to insufficient handling of user input, it is possible for a remote user to request arbitrary files from the vulnerable server. It would be possible for a remote user to download any files readable through the permissions of the TFTP Server user.

tftp example.com GET a\..\..\winnt\repair\sam 		

- Vulnerability information

8947
SolarWinds TFTP Server Double Dot Traversal Arbitrary File Access
Remote / Network Access Input Manipulation
Loss of Confidentiality Upgrade
Vendor Verified

- Vulnerability description

- Timeline

2002-10-24 Unknown
Unknown Unknown

- Solution

Upgrade to version 5.0.60 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

SolarWinds TFTP Server Directory Traversal Vulnerability
Input Validation Error 6045
Yes No
2002-10-25 12:00:00 2009-07-11 06:06:00
Vulnerability discovery credited to Matthew Murphy <mattmurphy@kc.rr.com>.

- Affected software versions

SolarWinds TFTP Server Standard Edition 5.0.55
SolarWinds TFTP Server Standard Edition 5.0.60

- Unaffected software versions

SolarWinds TFTP Server Standard Edition 5.0.60

- Discussion

SolarWinds TFTP Server is distributed for the Microsoft Windows platform.

The SolarWinds TFTP Server does not properly handle user-supplied input. Due to insufficient handling of user input, it is possible for a remote user to request arbitrary files from the vulnerable server. It would be possible for a remote user to download any files readable through the permissions of the TFTP Server user.

- Exploit

No exploit is required for this vulnerability.

The following example has been made available:

tftp example.com GET a\..\..\winnt\repair\sam

- Solution

A fixed version has been made available:


SolarWinds TFTP Server Standard Edition 5.0.55

- Related references

 

 
