|Title||Wyse Simple Imager (WSI) includes vulnerable versions of TFTPD32|
|Name||VU#632633||First vendor Publication||2009-11-19|
|Vendor||VU-CERT||Last vendor Modification||2009-11-19|
Security-Database Scoring CVSS v2
|Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)|
|Cvss Base Score||7.5||Attack Range||Network|
|Cvss Impact Score||6.4||Attack Complexity||Low|
|Cvss Exploit Score||10||Authentication||None Required|
Vulnerability Note VU#632633
Wyse Simple Imager (WSI) includes vulnerable versions of TFTPD32
Overview
Wyse Simple Imager (WSI) includes an older version of TFTPD32 that contains publicly known vulnerabilities. An attacker could potentially exploit these vulnerabilities to execute arbitrary code on the system running WSI and TFTPD32.
I. Description
Wyse Simple Imager (WSI) is a component of Wyse Device Manager (WDM, formerly known as Wyse Rapport). WSI includes TFTPD32 as the TFTP service used to load firmware images onto client devices. The version of TFTPD32 included with WSI contains several known vulnerabilities. The following list of TFTPD32 vulnerabilities is based on public information:
II. Impact
An attacker with network access to TFTPD32 could execute arbitrary code or cause a denial of service on a vulnerable system.
III. Solution
Use Wyse WDM and USB Imaging Tool
Restrict Access to WSI
To limit the exposure of TFTPD32, run WSI systems on a physically isolated network, such as a staging network where client devices are imaged before production deployment.
These vulnerabilities were analyzed and reported by Kevin Finisterre of Netragard/SNOsoft and Art Manion.
This document was written by Art Manion.
|Url : http://www.kb.cert.org/vuls/id/632633|
CWE : Common Weakness Enumeration
|CWE-119||Failure to Constrain Operations within the Bounds of a Memory Buffer|
|CWE-264||Permissions, Privileges, and Access Controls|
|CWE-20||Improper Input Validation|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
|60130||TFTP32 tftpd MS-DOS Device Name GET Request Remote DoS|
|57701||Tftpd32 GET / PUT Request Absolute Path Arbitrary File Manipulation|
|45903||TFTP32 tftpd Filename Argument Handling Remote Overflow|
|30502||Tftpd32 GET/PUT Command File Name Handling Overflow DoS|
|22661||Tftpd32 Error Message Remote Format String|
|12898||Tftpd32 Long File Name Request Remote DoS|
|2002-11-19||TFTPD32 <= 2.21 Long Filename Buffer Overflow|
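As an added illustration (not part of the CERT note, OSVDB, or Wyse's tooling), the following Python snippet parses TFTP read/write requests and flags the request classes the OSVDB entries above describe, so a defender can watch the staging network described in the Solution section for them. The 255-byte "long filename" threshold, the use of `%` as a rough proxy for the format-string class, and the sample datagrams are assumptions constructed for this example.

```python
import re
import struct
RRQ, WRQ = 1, 2  # TFTP opcodes (RFC 1350)
# Reserved MS-DOS device names, the class behind OSVDB 60130
DOS_DEVICES = {"CON", "PRN", "AUX", "NUL"} | {f"{d}{i}" for d in ("COM", "LPT") for i in range(1, 10)}
MAX_NAME = 255  # assumed threshold for the "long filename" entries; tune per site

def parse_request(datagram: bytes):
    """Parse a TFTP RRQ/WRQ datagram into (opcode, filename, mode); None if not a request."""
    if len(datagram) < 4:
        return None
    (opcode,) = struct.unpack("!H", datagram[:2])
    if opcode not in (RRQ, WRQ):
        return None
    fields = datagram[2:].split(b"\x00")
    if len(fields) < 3:  # filename, mode, and the piece after the final NUL
        return None
    return opcode, fields[0].decode("latin-1"), fields[1].decode("latin-1").lower()

def classify(filename: str):
    """Return the suspicious traits of a request filename (empty list means clean)."""
    traits = []
    if filename.startswith(("/", "\\")) or re.match(r"^[A-Za-z]:", filename):
        traits.append("absolute-path")        # OSVDB 57701 class
    stem = re.split(r"[\\/]", filename)[-1].split(".")[0].upper()
    if stem in DOS_DEVICES:
        traits.append("dos-device-name")      # OSVDB 60130 class
    if len(filename) > MAX_NAME:
        traits.append("overlong-name")        # OSVDB 45903 / 30502 / 12898 class
    if "%" in filename:
        traits.append("format-specifier")     # rough proxy for the OSVDB 22661 class
    return traits

def scan(datagrams):
    """Return (source, op, filename, traits) for every suspicious request seen."""
    alerts = []
    for src, dgram in datagrams:
        parsed = parse_request(dgram)
        if parsed and (traits := classify(parsed[1])):
            alerts.append((src, "RRQ" if parsed[0] == RRQ else "WRQ", parsed[1][:40], traits))
    return alerts

# Constructed sample datagrams toward the WSI host (not captured traffic)
SAMPLE = [
    ("10.0.0.5", b"\x00\x01images/wyse_firmware.img\x00octet\x00"),
    ("10.0.0.9", b"\x00\x01C:\\Windows\\win.ini\x00octet\x00"),
    ("10.0.0.12", b"\x00\x02nul\x00octet\x00"),
    ("10.0.0.13", b"\x00\x01" + b"x" * 600 + b"\x00netascii\x00"),
    ("10.0.0.14", b"\x00\x03\x00\x01payload"),  # DATA packet, not a request; ignored
]
```

Running `scan(SAMPLE)` reports the absolute-path, device-name and overlong requests and stays silent on the ordinary firmware fetch and the DATA packet.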