ID
VAR-200411-0227
TITLE
Allied Telesyn TFTP Daemon Multiple Remote Vulnerabilities
Trust: 0.3
DESCRIPTION
The Allied Telesyn TFTP service is reported to be prone to multiple vulnerabilities. The following specific issues are reported: 1. Allied Telesyn TFTP Server is reported susceptible to a directory-traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input data. This vulnerability allows remote attackers to retrieve or overwrite the contents of arbitrary potentially sensitive files located on the serving appliance with the privileges of the TFTP server process. 2. Allied Telesyn TFTP Server is reported prone to a remote buffer-overflow vulnerability. This vulnerability may be exploited by a remote attacker to crash the affected service. NOTE (November 17, 2010): This vendor may now be known as Allied Telesis.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | allied | model: | telesyn tftp daemon | scope: | eq | version: | 1.8 | Trust: 0.3 |
| vendor: | allied | model: | telesis at-tftp server | scope: | eq | version: | 1.8 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Unknown
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 11584 | Trust: 0.3 |
REFERENCES
| url: | http://www.alliedtelesyn.com | Trust: 0.3 |
| url: | http://aluigi.altervista.org/adv/attftp-adv.txt | Trust: 0.3 |
CREDITS
Discovery of these vulnerabilities is credited to Luigi Auriemma.
Trust: 0.3
SOURCES
| db: | BID | id: | 11584 |
LAST UPDATE DATE
2022-05-17T02:06:51.769000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 11584 | date: | 2010-11-17T17:06:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 11584 | date: | 2004-11-02T00:00:00 |