Cisco TFTPD Server Directory Traversal Vulnerability

The Cisco TFTPD server is a freely available software package distributed and maintained by Cisco Systems. The software package is designed to give Microsoft Windows systems the ability to serve files via the Trivial File Transfer Protocol (TFTP).

It is possible to gain access to sensitive files on a system using the affect software. By issuing a dot-dot-slash (../) request to the server, any file on the system may be downloaded.

This makes it possible for attackers to gain access to arbitrary files, and potentially sensitive information.


Privacy Statement
Copyright 2010, SecurityFocus