Erlang OTP TFTP Module Relative Path Traversal Vulnerability

Vulnerability

A relative path traversal vulnerability has been identified in the TFTP implementation of Erlang/OTP. The issue is present in versions 17.0 and later, in versions 5.10 prior to 7.0, and in the TFTP application from version 1.0. It allows remote attackers to traverse directories and access files outside the intended root directory, potentially leading to unauthorized file reads or writes. The problem is exacerbated by the TFTP protocol's lack of authentication: any machine that can reach the TFTP server over the network can exploit it.

Impact

Exploitation of this vulnerability can lead to unauthorized access to the file system, allowing for remote read and write operations without authentication. This could result in the exposure or modification of sensitive data, depending on the files accessed.

Reproduction

To reproduce this vulnerability, upload a file to the TFTP server using a TFTP client. Then, attempt to read or write files using relative paths that traverse above the specified root directory, bypassing the intended restrictions.

Remediation

Users are advised to update to Erlang/OTP versions 26.2.5.17, 27.3.4.8, or 28.3.2, where this vulnerability has been patched. Additionally, ensure that the TFTP server is not accessible from untrusted machines and that sensitive data is not writable by the user running the Erlang VM.
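As an added illustration of the mitigating check (not code from Erlang/OTP and not the upstream patch), the following Python shows the root-confinement test a TFTP server's file callback should apply to every requested filename before opening it for read or write; the root path and the sample request names are constructed for the demonstration.

```python
import os


class PathTraversalError(ValueError):
    """Raised when a client-supplied TFTP filename would leave the served root."""


def resolve_within_root(root: str, requested: str) -> str:
    """Map a TFTP filename (from an RRQ or WRQ) onto a path under ``root``.

    Returns the canonical absolute path if the name stays inside ``root`` and
    raises PathTraversalError otherwise. The check is lexical first (absolute
    names and ".." segments are refused outright, so attempts show up in logs
    instead of being silently remapped) and then physical (realpath plus a
    common-prefix test), which also catches symlinks inside the root that point
    outside it.
    """
    root_real = os.path.realpath(root)
    # TFTP names are plain strings; treat "\" as a separator too so a
    # backslash-separated "..\" cannot slip past the segment check.
    name = requested.replace("\\", "/")
    if not name or name.startswith("/"):
        raise PathTraversalError(f"absolute or empty name refused: {requested!r}")
    if any(seg in ("", "..") for seg in name.split("/")):
        raise PathTraversalError(f"'..' or empty segment refused: {requested!r}")
    candidate = os.path.realpath(os.path.join(root_real, name))
    # commonpath (not startswith) avoids the "/srv/tftp" vs "/srv/tftp2" prefix trick.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PathTraversalError(f"{requested!r} resolves outside {root_real}")
    return candidate


def is_safe_request(root: str, requested: str) -> bool:
    """Predicate form, convenient for audit logging of refused requests."""
    try:
        resolve_within_root(root, requested)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    # Constructed sample requests against a constructed (hypothetical) root.
    ROOT = "/srv/tftp"
    for req in ("firmware/boot.bin", "../../outside.cfg", "/absolute/name",
                "firmware/../../escape", "firmware\\..\\..\\escape"):
        verdict = "allow" if is_safe_request(ROOT, req) else "REFUSE"
        print(f"{verdict:6} {req!r}")
```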

Added: Feb 20, 2026, 11:24 AM
Updated: Feb 20, 2026, 1:54 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 1.7
exploitability: 5.3
remediation: 8.3
relevance: 3.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.