Allied Telesyn TFTP Daemon Multiple Remote Vulnerabilities
The Allied Telesyn TFTP service is reported to be prone to multiple vulnerabilities. The following specific issues are reported:
1. Allied Telesyn TFTP Server is reported susceptible to a directory-traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input data.
This vulnerability allows remote attackers to retrieve or overwrite the contents of arbitrary potentially sensitive files located on the serving appliance with the privileges of the TFTP server process.
2. Allied Telesyn TFTP Server is reported prone to a remote buffer-overflow vulnerability.
This vulnerability may be exploited by a remote attacker to crash the affected service.
NOTE (November 17, 2010): This vendor may now be known as Allied Telesis.