Executive Summary
Summary | |
---|---|
Title | Wyse Simple Imager (WSI) includes vulnerable versions of TFTPD32 |
Informations | |||
---|---|---|---|
Name | VU#632633 | First vendor Publication | 2009-11-19 |
Vendor | VU-CERT | Last vendor Modification | 2009-11-19 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#632633Wyse Simple Imager (WSI) includes vulnerable versions of TFTPD32OverviewWyse Simple Imager (WSI) includes older versions version of TFTPD32 that contains publicly known vulnerabilities. An attacker could exploit these vulnerabilities to potentially execute arbitrary code on the system running WSI and TFTPD32.I. DescriptionWyse Simple Imager (WSI) is a component of Wyse Device Manager (WDM, formerly known as Wyse Rapport). WSI includes TFTPD32 as the TFTP service to load firmware images on client devices. The versions of TFTPD32 contains several known vulnerabilities. The following list of TFTPD32 vulnerabilities is based on public information:
II. ImpactAn attacker with network access to TFTPD32 could execute arbitrary code or cause a denial of service on a vulnerable system.III. SolutionUse Wyse WDM and USB Imaging Tool
Restrict Access to WSI To limit the exposure of TFTPD32, run WSI systems on a physically isolated network, such as a staging network where client devices are imaged before production deployment.. Systems Affected
References
These vulnerabilities were analyzed and reported by Kevin Finisterre of Netragard/SNOsoft and Art Manion. This document was written by Art Manion.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/632633 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
25 % | CWE-264 | Permissions, Privileges, and Access Controls |
25 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-05-23 | Name : TFTPD32 Request Error Message Format String Vulnerability File : nvt/secpod_tftpd32_req_format_string_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
60130 | TFTP32 tftpd MS-DOS Device Name GET Request Remote DoS |
57701 | Tftpd32 GET / PUT Request Absolute Path Arbitrary File Manipulation |
45903 | TFTP32 tftpd Filename Argument Handling Remote Overflow A buffer overflow exists in TFTP32. tftpd fails to validate filename arguments resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
30502 | Tftpd32 GET/PUT Command File Name Handling Overflow DoS |
22661 | Tftpd32 Error Message Remote Format String A remote format string vulnerability in Tftpd32 can be triggered when the server uses the filename passed in TFTP requests to construct an error message. With a specially crafted filename, an attacker can cause arbitrary code execution, resulting in a loss of integrity. |
12898 | Tftpd32 Long File Name Request Remote DoS Tftpd32 contains a flaw that may allow a remote denial of service. The issue is triggered when the server receives a TFTP request with a long filename, and will result in loss of availability for the service. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-11-18 | Name : The remote TFTP server is affected by a buffer overflow vulnerability. File : tftpd32_filename_overflow.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
2006-01-20 | Name : The remote tftp server is affected by a format string vulnerability. File : tftpd32_format_string.nasl - Type : ACT_DENIAL |
2005-05-16 | Name : The remote TFTP server can be used to read arbitrary files on the remote host. File : tftpd_dir_trav.nasl - Type : ACT_ATTACK |