DDIVRT-2008-10 PacketTrap TFTP Directory Traversal Vulnerability

Type securityvulns
Reporter Securityvulns
Modified 2008-03-03T00:00:00



DDIVRT-2008-10 PacketTrap PT360 Tool Suite TFTP Arbitrary File Access



Discovered By

Digital Defense, Inc. Vulnerability Research Team Credit: princeofnigeria and r@b13$

Date Discovered


Vulnerability Description

DDI VRT staff notified PacketTrap Networks, Inc. on February 7, 2008 of a flaw within the PacketTrap PT360 suite. Specifically, the default installation of the PacketTrap PT360 Tool Suite Version TFTP server component is susceptible to directory traversal attack. A remote or local attacker can exploit this flaw to retrieve arbitrary files outside of the TFTP server root directory. This vulnerability also allows a remote attacker to overwrite and modify system files which could facilitate a full system compromise.

Solution Description

PacketTrap Networks, Inc. released a patch (#3302) for this flaw on February 29, 2008.

Tested Systems / Software (with versions)

Windows XP Professional Service Pack 2, PacketTrap PT360 Tool Suite Version Other versions may be vulnerable.

Vendor Contact

Name: PacketTrap Networks, Inc. Website: http://www.packettrap.com/