Description
Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program files lib/tftp/src/tftp_file.erl, src/tftp_file.erl.
This issue affects otp: from 17.0, from 07b8f441ca711f9812fad9e9115bab3c3aa92f79; otp: from 5.10 before 7.0; otp: from 1.0.
A flaw was found in Erlang OTP tftp_file modules. This vulnerability allows an attacker to exploit a weakness in how file paths are handled, known as Relative Path Traversal. By manipulating these paths, an attacker could gain unauthorized access to sensitive files on the system, potentially leading to information disclosure.
Statement
This vulnerability has a LOW impact. A relative path traversal flaw in the Erlang/OTP TFTP modules could allow an attacker to access or write files outside the intended TFTP directory. This issue affects systems where the Erlang TFTP service is exposed and actively used.
Mitigation
Restrict network access to the TFTP service to trusted hosts using firewall rules. Ensure the TFTP server is configured to operate within a chroot environment to limit file system access. If the TFTP service is not required, disable it.
Example for disabling the TFTP service (if managed by systemd):

```shell
sudo systemctl stop tftp.service
sudo systemctl disable tftp.service
```
Restart the TFTP service after applying any configuration changes for them to take effect.
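The flaw described on this page is a relative path traversal: a filename supplied by the TFTP client is combined with the server's directory without confirming that the result still lies inside it. The following is an added example, not code from Erlang/OTP or from the vendor advisory, showing the check a file-serving callback needs before it opens a file for a read or write request. It assumes a POSIX host, treats the client's filename as a POSIX path string, and uses a temporary directory with constructed contents (one boot file and a symlink that points outside the root) to exercise both the lexical check and the symlink-aware check.

```python
"""Confining a client-supplied TFTP filename to the server's root directory.

Added example (not Erlang/OTP's tftp_file code). Two independent checks:
1. a lexical one on the wire-format path, rejecting '..' escapes;
2. a filesystem-aware one that follows symlinks and confirms containment.
"""
import os
import posixpath
import shutil
import tempfile


class PathOutsideRoot(ValueError):
    """Raised when a requested filename would leave the TFTP root."""


def resolve_within_root(root: str, requested: str) -> str:
    """Return the absolute on-disk path for `requested` if it stays inside
    `root`; otherwise raise PathOutsideRoot. Applies to RRQ and WRQ alike."""
    root_abs = os.path.realpath(root)
    # A NUL byte would truncate the path at the OS level; never pass it on.
    if "\0" in requested:
        raise PathOutsideRoot("NUL byte in filename")
    # Interpret the client's path relative to the root even if it starts with '/'.
    rel = requested.lstrip("/")
    # Lexically collapse '.' and '..' components (no filesystem access yet).
    norm = posixpath.normpath(rel)
    if norm in (".", "..") or norm.startswith("../"):
        raise PathOutsideRoot(f"traversal outside root: {requested!r}")
    candidate = os.path.join(root_abs, *norm.split("/"))
    # Filesystem-aware check: follow symlinks, then confirm the real path is
    # root_abs itself or a descendant of it (commonpath also defeats the
    # '/srv/tftp' vs '/srv/tftproot' prefix trick that a startswith() check misses).
    real = os.path.realpath(candidate)
    if os.path.commonpath([root_abs, real]) != root_abs:
        raise PathOutsideRoot(f"resolved outside root: {requested!r}")
    return real


def demo() -> dict:
    """Constructed scenario: a temporary TFTP root containing one boot file and
    a symlink ('escape') that points to a directory outside the root.
    Returns {requested_filename: True if served, False if rejected}."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "tftproot")
    outside = os.path.join(base, "outside")
    os.makedirs(os.path.join(root, "pxelinux.cfg"))
    os.makedirs(outside)
    with open(os.path.join(root, "pxelinux.cfg", "default"), "w") as fh:
        fh.write("DEFAULT linux\n")          # constructed sample content
    with open(os.path.join(outside, "secret.txt"), "w") as fh:
        fh.write("must never be served\n")  # constructed sample content
    os.symlink(outside, os.path.join(root, "escape"))

    # Constructed requests: legitimate names plus the shapes a traversal takes.
    requests = [
        "pxelinux.cfg/default",              # normal boot file
        "/pxelinux.cfg/default",             # absolute form, remapped into root
        "boot/../pxelinux.cfg/default",      # '..' that stays inside root
        "..",                                # bare parent
        "../outside/secret.txt",             # classic relative traversal
        "boot/../../outside/secret.txt",     # traversal hidden behind a real dir
        "escape/secret.txt",                 # symlink escape (lexically clean)
        "",                                  # empty filename
    ]
    results = {}
    for req in requests:
        try:
            resolve_within_root(root, req)
            results[req] = True
        except PathOutsideRoot:
            results[req] = False
    shutil.rmtree(base)
    return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{'serve ' if allowed else 'reject'}  {name!r}")
```

The lexical check alone is what most traversal fixes add; the second check matters because a filename with no `..` at all can still leave the root through a symlink, and a plain `startswith(root)` comparison accepts sibling directories that merely share the root's name as a prefix.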
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenStack Platform 16.2 | erlang | Fix deferred | | |
| Red Hat OpenStack Platform 17.1 | erlang | Fix deferred | | |
| Red Hat OpenStack Platform 18.0 | erlang | Fix deferred | | |
References
Additional information
Status:
EPSS
4.2 Medium
CVSS3