[Openvas-plugins] secpod_wintftp_server_dir_trav_vuln.nasl: false positives(I guess)
santu at secpod.com
Thu Feb 16 14:40:42 CET 2012
Fixed the issue. Updated the plugin.
Please let me know if you found any issues.
On Thursday 16 February 2012 06:21 PM, Antu Sanadi wrote:
> Thanks for reporting. Let me check this.
> Antu Sanadi
> On Thursday 16 February 2012 04:51 PM, Torbjorn.Wictorin at its.uu.se wrote:
>> I have seen (at least) Windows 2003 SP2, with Windows Deployment Service (WDS)
>> of which TFTPD is a part.
>> Openvas signals for secpod_wintftp_server_dir_trav_vuln.nasl:
>>> Overview: This host is running WinTFTP Server and is prone to directory traversal
>>> Vulnerability Insight:
>>> The flaw is caused due to an error in handling 'GET' and 'PUT' requests which
>>> can be exploited to download arbitrary files from the host system.
>>> Succesful exploitation will allow attackers to read arbitrary files
>>> on the affected application.
>>> Affected Software/OS:
>>> WinTFTP Server pro version 3.1
>>> Fix:No solution or patch is available as on 29th November 2010. Information
>>> regarding this issue will be updated once the solution details are available.
>>> For updates refer,http://www.wintftp.com/
>> I am NOT a windows person, so this is guesswork mostly:
>> - Tried to exploit the host using a suggestion in the references with no
>> - The hosthttp://www.wintftp.com/ does not seem to exist anymore.
>> - Probably this is not 'WinTFTP' but a microsoft something.
>> So I think this test should be removed or at least overseen by someone
>> who understand windows.
>> Torbjörn Wictorin,
>> Uppsala university
>> Openvas-plugins mailing list
>> Openvas-plugins at wald.intevation.org
> Openvas-plugins mailing list
> Openvas-plugins at wald.intevation.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openvas-plugins