Detections
Analytics

HP-UX Ignite-UX TFTP Service Remote File Manipulation

medium Nessus Plugin ID 19510

Language:

Synopsis

The remote TFTP daemon has an arbitrary file upload vulnerability.

Description

The remote host has a vulnerable version of the HP Ignite-UX application installed that exposes a world-writeable directory to anonymous TFTP access. A remote attacker could exploit this to upload arbitrary files.

Solution

Apply the appropriate vendor patch.

See Also

http://research.corsaire.com/advisories/c041123-002.txt

Plugin Details

Severity: Medium

ID: 19510

File Name: tftp_permissions_hp_ignite_ux.nasl

Version: 1.15

Type: remote

Family: Misc.

Published: 8/26/2005

Updated: 8/22/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Information

Required KB Items: Services/udp/tftp

Excluded KB Items: tftp/backdoor

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 8/15/2005

Reference Information

CVE: CVE-2004-0952

BID: 14571