PacketTrap pt360 TFTP Server < 1.0.3302.0 Multiple Vulnerabilities

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote TFTP server is affected by multiple flaws.

Description :

PacketTrap pt360 Tool Suite is installed on the remote system. It is a
single reporting solution that integrates various free network
management tools provided by PacketTrap Networks.

The tool suite includes a TFTP server component that is susceptible to
a directory traversal and a denial of service attack. By sending a
specially crafted string, an attacker may be able to crash the
affected service or to read or write arbitrary files on the remote
system, subject to the privileges of the user under which the TFTP
server runs.

If it is run by a user with Administrator privileges, successful
exploitation of the issue may lead to a complete system compromise.

See also :

http://seclists.org/bugtraq/2008/Mar/17
http://seclists.org/bugtraq/2008/Mar/22
http://www.emediawire.com/releases/2008/2/prweb731563.htm

Solution :

Upgrade to PacketTrap pt360 Tool Suite version 1.0.3302.0 or later.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 31467 ()

Bugtraq ID: 28078
28079
28187

CVE ID: CVE-2008-1310
CVE-2008-1311
CVE-2008-1312

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now