HighCheck or Attack Name: LinTftp
Some older linux distributions did not correctly limit tftp access to the /tftpboot directory, allowing attackers to retrieve the passwd file as ../etc/passwd.
TFTP is rarely needed in most network configurations and should be disabled. If TFTP is required in your configuration, you should install a more recent version of the daemon or upgrade your OS's distribution.
CERT Advisory CA-91.18, Active Internet tftp Attacks, http://www.cert.org/advisories/CA-91.18.Active.Internet.tftp.Attacks.html
