Ipswitch makes software for businesses to manage networks, securely transfer files, and communicate via e-mail. They also provide some free network tools, including a TFTP server.
The Ipswitch TFTP Server version 220.127.116.11 has a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Successful exploit of this vulnerability could allow an attacker to download or upload arbitrary files. Other versions may also be affected.
Restrict TFTP access to only a limited subtree of the file system. Consult your tftpd manual pages for details. Also, when no access restriction is possible, restrict TFTP access by using a TCP wrapper.
Upgrade or apply a patch if either a new release or patch becomes available.
This exploit has been tested on Ipswitch TFTP Server 18.104.22.168 on Microsoft Windows Server 2003 SP2 English (DEP OptOut).
The "Allow downloads and uploads" option on the Ipswitch TFTP server must be enabled for the exploit to work properly.
The exploit drops an executable file in the Startup folder on the target system. The target system system needs to be restarted to run the shell code.