TFTP Traversal Arbitrary File Access
Medium Nessus Plugin ID 18262
Synopsis
The remote TFTP server can be used to read arbitrary files on the remote host.

Description
The TFTP (Trivial File Transfer Protocol) server running on the remote host is vulnerable to a directory traversal attack that allows an attacker to read arbitrary files on the remote host by prepending their names with directory traversal sequences.

Solution
Disable the remote TFTP daemon, run it in a chrooted environment, or filter incoming traffic to this port.
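
The following Python code is an added example, not part of the Nessus plugin or of any TFTP server's own code. It parses a TFTP read/write request (RFC 1350 layout) and flags filenames that resolve outside the served directory, the kind of check a filtering proxy or a capture-review script could apply. The root /srv/tftp, the function names and the sample packets are assumptions constructed for illustration.

```python
import posixpath
import struct

TFTP_ROOT = "/srv/tftp"  # assumed served directory (hypothetical)

def parse_request(packet: bytes):
    """Parse an RRQ/WRQ: 2-byte opcode, filename, NUL, mode, NUL."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode not in (1, 2):  # 1 = RRQ, 2 = WRQ
        raise ValueError("not a read/write request")
    fields = packet[2:].split(b"\x00")
    # A well-formed request yields filename, mode and a trailing empty field.
    if len(fields) < 3 or not fields[0]:
        raise ValueError("malformed request")
    filename = fields[0].decode("ascii", "replace")
    mode = fields[1].decode("ascii", "replace").lower()
    return opcode, filename, mode

def escapes_root(filename: str, root: str = TFTP_ROOT) -> bool:
    """True if the requested name would resolve outside the served root."""
    # Treat backslashes as separators too, since some servers accept both.
    name = filename.replace("\\", "/")
    # An absolute name replaces the root in join(), so it is judged as-is.
    resolved = posixpath.normpath(posixpath.join(root, name))
    # Purely lexical: symlinks inside the root are not followed here.
    return not (resolved == root or resolved.startswith(root + "/"))

def classify(packet: bytes, root: str = TFTP_ROOT) -> str:
    """Return an allow / alert / reject verdict for one request packet."""
    try:
        _opcode, filename, _mode = parse_request(packet)
    except ValueError as exc:
        return f"reject: {exc}"
    if escapes_root(filename, root):
        return f"alert: {filename!r} resolves outside {root}"
    return f"allow: {filename!r}"

if __name__ == "__main__":
    # Constructed sample packets, not captured traffic.
    samples = [
        b"\x00\x01pxelinux.0\x00octet\x00",
        b"\x00\x01../../etc/passwd\x00netascii\x00",
        b"\x00\x01images/../pxelinux.0\x00octet\x00",
    ]
    for pkt in samples:
        print(classify(pkt))
```

The check is lexical only, so it complements rather than replaces running the daemon chrooted as the Solution recommends.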