TFTP Traversal Arbitrary File Access

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote TFTP server can be used to read arbitrary files on the
remote host.

Description :

The TFTP (Trivial File Transfer Protocol) server running on the remote
host is vulnerable to a directory traversal attack that allows an
attacker to read arbitrary files on the remote host by prepending
their names with directory traversal sequences.

Solution :

Disable the remote TFTP daemon, run it in a chrooted environment, or
filter incoming traffic to this port.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true