TFTP Vulnerability
Hi all
It seems that with Opmanager 6, a TFTP server is installed and running by default. Unfortunately, this TFTP server has several vulnerabilities, most importantly it can be tricked into allowing directory traversals.
See here (http://www.securityfocus.com/archive/1/459500/30/0/threaded) for more information on what I'm talking about, ignore the name of the software, Opmanager seems to be affected as well...
This is bad and there seems to be no straightforward way of turning it off.
Please provide workaround/fix asap.
Regards
Remo
It seems that with Opmanager 6, a TFTP server is installed and running by default. Unfortunately, this TFTP server has several vulnerabilities, most importantly it can be tricked into allowing directory traversals.
See here (http://www.securityfocus.com/archive/1/459500/30/0/threaded) for more information on what I'm talking about, ignore the name of the software, Opmanager seems to be affected as well...
This is bad and there seems to be no straightforward way of turning it off.
Please provide workaround/fix asap.
Regards
Remo