As mentioned in section 9.2.3, TFTP is a UDP-based file transfer program that provides no security. The TFTP program is allowed to transfer a set of files to any system on the Internet that asks for them. TFTP is often used to allow diskless hosts to boot from the network. Because TFTP lacks security, tftp is usually limited to transferring files only to or from a certain directory. Early versions of tftp did not impose file transfer restrictions. In particular, versions of SunOS prior to release 4.0 did not restrict file transfer from tftp.
The following procedure can be used to test a system's version
of tftp for security problems [GS91]:
tftp> get /etc/passwd tmp
Error code 1: File not found
If tftp either hangs with no message or does not respond with ``File not found'' and instead transfers the file, tftp should be replaced with a current version.