TFTP (Trivial File Transfer Protocol) Checks

TFTP (Trivial File Transfer Protocol)

TFTP is a simplified version of FTP that performs no authentication before a file transfer takes place, so an intruder can easily grab the password file. This option checks whether the password file is obtainable.

Risk: Medium

OS Vulnerable: All systems running TFTP

Fix: For hosts that do not need to allow TFTP access:

- Disable TFTP by placing a # at the beginning of the TFTP line in the following file:

/etc/inetd.conf

- Send the SIGHUP signal to the inetd process to restart the process. The disabled entry resembles the following line:

#tftp dgram udp wait nobody /etc/tftpd tftpd -n

If a host needs to run TFTP, make sure the home directory is defined to restrict it from reading files everywhere. An example of the configuration in /etc/inetd.conf (depending on UNIX platform) might resemble this line:

tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd -s /tftpboot

The inetd process must be restarted or forced to read the updated configuration file to make the change effective.
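
An added example, not part of the original page or of the scanner it documents: a small Python audit that reads inetd.conf text and classifies each tftp entry as disabled, restricted or unrestricted. It assumes the platform's tftpd is confined with the -s <directory> form shown above; the function name and the sample file content are constructed for illustration.

```python
# Constructed sample inetd.conf content (not taken from a real host).
SAMPLE = """\
# constructed sample
ftp stream tcp nowait root /usr/etc/in.ftpd in.ftpd
#tftp dgram udp wait nobody /etc/tftpd tftpd -n
tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd -s /tftpboot
tftp dgram udp wait root /usr/etc/in.tftpd in.tftpd
"""


def audit_tftp(conf_text):
    """Return (line_no, status, detail) for every tftp entry found."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        disabled = line.startswith("#")
        # Fields: service socket proto wait user program argv0 options...
        fields = line.lstrip("#").split()
        if len(fields) < 6 or fields[0] != "tftp" or fields[1] != "dgram":
            continue  # ordinary comment or a different service
        if disabled:
            findings.append((no, "disabled", "entry is commented out"))
            continue
        opts = fields[7:]  # everything after argv0
        directory = None
        # Assumption: confinement uses "-s <directory>" as in the example above.
        if "-s" in opts and opts.index("-s") + 1 < len(opts):
            directory = opts[opts.index("-s") + 1]
        # A usable home directory is an absolute path other than "/".
        if directory and directory.startswith("/") and directory.rstrip("/"):
            findings.append((no, "restricted", "confined to " + directory))
        else:
            findings.append(
                (no, "unrestricted", "no home directory; runs as " + fields[4])
            )
    return findings


if __name__ == "__main__":
    for no, status, detail in audit_tftp(SAMPLE):
        print("line %d: %s (%s)" % (no, status, detail))
```

Any entry reported as unrestricted should be either commented out or given a home directory, followed by the inetd restart described above.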

Advisories: CA-89:05.ultrix3.0.hole, CA-91:18.Active.Internet.tftp.Attacks, CA-91:19.AIX.TFTP.Daemon.vulnerability