|Check Point Reference:||CPAI-2007-014|
|Date Published:||15 Jan 2007|
|Last Updated:||15 Nov 2011|
|Protection Provided by:||
|Who is Vulnerable?|
|Vulnerability Description||Trivial File Transfer Protocol (TFTP) is a protocol used for transferringfiles, allowing remote users to download and upload files to the server. TheTFTP server communicates with clients over UDP port 69. 3Com TFTP Server is a TFTP server service used for easier transfer of filesto or from the server. A remote attacker may send a specially crafted TFTP request packet to avulnerable server. This may allow the attacker to create a denial of servicecondition or execute arbitrary code on an affected system. Any codeexecution will be within the context of the running service, normally"System".|
This protection will block malformed TFTP requests.The detect mode makes it possible to track unauthorized traffic without blocking it.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: TFTP Enforcement Violation.
Attack Information: 3Com TFTP server transporting mode remote buffer overflow