TFTP file access


Summary

File access via the TFTP service.

Impact

Unauthorized remote access to system or user files.

Background

The TFTP (trivial file transfer protocol) service provides remote access to files, without asking for a password. It is typically used for the initialization of diskless computers, of X terminals, or of other dedicated hardware.

The problem

When the TFTP daemon does not limit access to specific files or hosts, a remote intruder can use the service to obtain copies of the password file or of other system or user files, or to remotely overwrite files.

Fix