[2/5] 2X ThinClientServer 2XTFTPd Service Directory Traversal
Luigi Auriemma has discovered a vulnerability in 2X ThinClientServer, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an input validation error within the 2XTFTPd service (TFTPd.exe) and can be exploited to download files from arbitrary locations outside the TFTP root via specially crafted directory traversal sequences.

The vulnerability is confirmed in 2X ThinClientServer version 5.0 (sp1-r3497) including TFTPd.exe version 3.2.0.0. Other versions may also be affected.

Solution:
Restrict network access to the TFTP service.

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
http://aluigi.altervista.org/adv/thindirtrav-adv.txt
Original post by manisha
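
A defensive check for the flaw class described above, as an added example that is not from the advisory or from 2X: it parses RFC 1350 read/write requests and flags file names that would resolve outside the TFTP root on a Windows host. The function names are hypothetical, and the sample datagrams are constructed and do not reproduce the sequences from the original advisory.

```python
import ntpath
import struct

OP_RRQ, OP_WRQ = 1, 2  # RFC 1350 read / write request opcodes

def parse_request(datagram: bytes):
    """Return (opcode, filename, mode) for an RRQ/WRQ datagram, else None."""
    if len(datagram) < 4:
        return None
    (opcode,) = struct.unpack("!H", datagram[:2])
    if opcode not in (OP_RRQ, OP_WRQ):
        return None
    fields = datagram[2:].split(b"\x00")  # filename NUL mode NUL [options...]
    if len(fields) < 3:
        return None
    return opcode, fields[0].decode("latin-1"), fields[1].decode("latin-1").lower()

def escapes_root(filename: str) -> bool:
    """True if the name could resolve outside the TFTP root on a Windows host."""
    name = filename.replace("/", "\\")  # Windows accepts both separators
    drive, rest = ntpath.splitdrive(name)
    if drive or rest.startswith("\\"):  # drive letter, UNC or rooted path
        return True
    depth = 0
    for part in rest.split("\\"):
        part = part.rstrip(" ")
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:  # climbed above the root
                return True
        else:
            depth += 1
    return False

def flagged(datagrams):
    """File names from RRQ/WRQ datagrams that escape the root."""
    reqs = (parse_request(d) for d in datagrams)
    return [r[1] for r in reqs if r and escapes_root(r[1])]

# Constructed sample datagrams (not taken from the advisory).
SAMPLES = [
    b"\x00\x01pxelinux.cfg/default\x00octet\x00",
    b"\x00\x01boot/../pxelinux.0\x00octet\x00",
    b"\x00\x01..\\..\\example.txt\x00octet\x00",
    b"\x00\x01C:\\example.txt\x00netascii\x00",
    b"\x00\x03\x00\x01data",  # DATA packet, ignored
]
```

Calling `flagged()` on UDP port 69 payloads taken from a capture or sensor gives a list of requests worth reviewing while network access to the service is being restricted.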