[Openvas-plugins] secpod_wintftp_server_dir_trav_vuln.nasl: false positives(I guess)
Antu Sanadi
santu at secpod.com
Thu Feb 16 14:40:42 CET 2012
Hi,
Fixed the issue. Updated the plugin.
Please let me know if you find any issues.
Thank you!
Regards,
Antu Sanadi
On Thursday 16 February 2012 06:21 PM, Antu Sanadi wrote:
> Hi,
>
> Thanks for reporting. Let me check this.
>
> Regards,
> Antu Sanadi
>
> On Thursday 16 February 2012 04:51 PM, Torbjorn.Wictorin at its.uu.se wrote:
>> hello,
>>
>> I have seen (at least) Windows 2003 SP2, with Windows Deployment Service (WDS)
>> of which TFTPD is a part.
>>
>> Openvas signals for secpod_wintftp_server_dir_trav_vuln.nasl:
>>
>>> Overview: This host is running WinTFTP Server and is prone to directory traversal
>>> Vulnerability.
>>>
>>> Vulnerability Insight:
>>> The flaw is caused due to an error in handling 'GET' and 'PUT' requests which
>>> can be exploited to download arbitrary files from the host system.
>>>
>>> Impact:
>>> Succesful exploitation will allow attackers to read arbitrary files
>>> on the affected application.
>>>
>>> Affected Software/OS:
>>> WinTFTP Server pro version 3.1
>>>
>>> Fix:No solution or patch is available as on 29th November 2010. Information
>>> regarding this issue will be updated once the solution details are available.
>>> For updates refer,http://www.wintftp.com/
>> I am NOT a Windows person, so this is guesswork mostly:
>>
>> - Tried to exploit the host using a suggestion in the references with no
>> success.
>>
>> - The host http://www.wintftp.com/ does not seem to exist anymore.
>>
>> - Probably this is not 'WinTFTP' but a Microsoft something.
>>
>> So I think this test should be removed or at least overseen by someone
>> who understands Windows.
>>
>> Torbjörn Wictorin,
>> Uppsala university
>>
>>
>> _______________________________________________
>> Openvas-plugins mailing list
>> Openvas-plugins at wald.intevation.org
>> http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins