Vulnerability Discussion
Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.
Check
Verify the TFTP daemon is configured to operate in secure mode.
Check to see if a TFTP server has been installed with the following commands:
# yum list installed tftp-server
tftp-server.x86_64 x.x-x.el7 rhel-7-server-rpms
If a TFTP server is not installed, this is Not Applicable.
If a TFTP server is installed, check for the server arguments with the following command:
# grep server_args /etc/xinetd.d/tftp
server_args = -s /var/lib/tftpboot
If the "server_args" line does not have a "-s" option and a subdirectory is not assigned, this is a finding.
Fix
Configure the TFTP daemon to operate in secure mode by adding the following line to "/etc/xinetd.d/tftp" (or modify the line to have the required value):
server_args = -s /var/lib/tftpboot