Wyse Simple Imager (WSI) is a component of Wyse Device Manager (WDM, formerly known as Wyse Rapport). WSI includes TFTPD32 as the TFTP service to load firmware images on client devices. The versions of TFTPD32 contains several known vulnerabilities. The following list of TFTPD32 vulnerabilities is based on public information:CVE-2002-2226 Buffer overflow in tftpd of TFTP32 2.21 and previous versions allows remote malicious users to execute arbitrary code via a long filename argument.CVE-2002-2237 tftp32 TFTP server 2.21 and previous versions allows remote malicious users to cause a denial of service via a GET request with a DOS device name such as com1 or aux.CVE-2002-2353 tftpd32 2.50 and 2.50.2 allows remote malicious users to read or write arbitrary files via a full pathname in GET and PUT requests.CVE-2006-0328 Format string vulnerability in Tftpd32 2.81 allows remote malicious users to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request.CVE-2006-6141 Buffer overflow in Tftpd32 3.01 allows remote malicious users to cause a denial of service via a long GET or PUT request, which is not properly handled when the request is displayed in the title of the gauge window.OSVDB ID: 12898 Tftpd32 contains a flaw that may allow a remote denial of service. The issue is triggered when the server receives a TFTP request with a long filename, and will result in loss of availability for the service.
Vulmon