TFTP: SolarWinds Directory Traversal
This signature detects directory traversal attempts against the SolarWinds TFTP Server. All versions prior to 5.0.60 are vulnerable. A successful attack can allow attackers to retrieve sensitive system files and use the information to further compromise the TFTP Server.
Extended Description
SolarWinds TFTP Server is distributed for the Microsoft Windows platform. The SolarWinds TFTP Server does not properly handle user-supplied input. Due to insufficient handling of user input, it is possible for a remote user to request arbitrary files from the vulnerable server. It would be possible for a remote user to download any files readable through the permissions of the TFTP Server user.
Affected Products
Solarwinds tftp_server_standard_edition
References
BugTraq: 6045
CVE: CVE-2002-1209
URL: http://securityvulns.com/docs3679.html http://support.solarwinds.net/updates/SelectProgramFree.cfm#
Short Name
TFTP:DIRECTORY:SOLAR-TFTP-TRVRS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
TFTP
Keywords
CVE-2002-1209 Directory SolarWinds Traversal bid:6045
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Solarwinds
CVSS Score
5.0