TFTP Backdoor Detection

critical Nessus Plugin ID 18263

Synopsis

The remote host is compromised.

Description

A TFTP server is running on this port. However, while trying to fetch a random file, we got an executable file.

Many worms are known to propagate through TFTP. This is probably a backdoor.

Solution

Disinfect / reinstall your system.

Plugin Details

Severity: Critical

ID: 18263

File Name: tftpd_backdoor.nasl

Version: Revision: 1.18

Type: remote

Family: Backdoors

Published: 5/16/2005

Updated: 1/25/2013

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Services/udp/tftp