Not an issue per se, but an implementation approach/use case which someone may be able to use:
pxexploit metasploit module can be used to "turn any red team engagement into a CERT effort." Wiping all their data in the process. Upstream tftp/pxe code might need some love, but the idea is that a popped system can pivot sockets, permitting DHCP->TFTP (PXE) over a meterpreter session. Without dropping anything to persistent storage on the remote end, it's possible to hijack ports 67 and 68 to bootstrap the kernel. Similarly the kickstart can be served via the HTTP service via pivot, making all the logs point to the compromised host as the source of the scorched earth remedial effort (L2 and L3 addresses will match, notepad.exe owning those bound sockets might look bad however).
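The observable that gives this approach away from the network side is that DHCP replies and PXE boot parameters start coming from a host that is not the sanctioned DHCP/TFTP server (the "L2 and L3 addresses will match" point above). The following is an added example, not part of this issue and not metasploit's own code: a minimal RFC 2131 reply parser plus a check against assumed allowlists of legitimate DHCP server identifiers and PXE next-servers. The packets it inspects are constructed inline as test fixtures; the IPs, MAC and boot file name are placeholders.

```python
import struct
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, List, Optional, Set

DHCP_MAGIC = b"\x63\x82\x53\x63"   # BOOTP vendor extension cookie
BOOTREPLY = 2
OPT_MSG_TYPE = 53
OPT_SERVER_ID = 54
OPT_END = 255
OPT_PAD = 0


@dataclass
class DhcpReply:
    msg_type: int               # 2 = OFFER, 5 = ACK
    server_id: Optional[str]    # option 54, the IP the client will talk to
    next_server: str            # siaddr: where the PXE ROM fetches the boot file
    boot_file: str              # BOOTP 'file' field (e.g. pxelinux.0)


def parse_dhcp(pkt: bytes) -> DhcpReply:
    """Parse a raw DHCP/BOOTP reply (UDP payload, no L2-L4 headers)."""
    if len(pkt) < 240 or pkt[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    if pkt[0] != BOOTREPLY:
        raise ValueError("not a server reply")
    next_server = str(IPv4Address(pkt[20:24]))                     # siaddr
    boot_file = pkt[108:236].split(b"\x00", 1)[0].decode("ascii", "replace")
    opts: Dict[int, bytes] = {}
    i = 240
    while i < len(pkt):                                             # TLV walk
        code = pkt[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        length = pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    server_id = str(IPv4Address(opts[OPT_SERVER_ID])) if OPT_SERVER_ID in opts else None
    msg_type = opts.get(OPT_MSG_TYPE, b"\x00")[0]
    return DhcpReply(msg_type, server_id, next_server, boot_file)


def assess(reply: DhcpReply, allowed_dhcp: Set[str], allowed_pxe: Set[str]) -> List[str]:
    """Return findings for a reply that did not come from the sanctioned servers.

    allowed_dhcp / allowed_pxe are assumed allowlists maintained by the defender."""
    findings = []
    if reply.server_id and reply.server_id not in allowed_dhcp:
        findings.append(f"DHCP server identifier {reply.server_id} is not an approved DHCP server")
    if reply.boot_file and reply.next_server not in allowed_pxe:
        findings.append(f"boot file {reply.boot_file!r} offered from unexpected next-server {reply.next_server}")
    return findings


def build_reply(server_id: str, next_server: str, boot_file: str) -> bytes:
    """Constructed test fixture: a DHCPOFFER with placeholder addresses."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        BOOTREPLY, 1, 6, 0, 0x12345678, 0, 0,
        IPv4Address("0.0.0.0").packed,      # ciaddr
        IPv4Address("10.0.0.50").packed,    # yiaddr (placeholder lease)
        IPv4Address(next_server).packed,    # siaddr
        IPv4Address("0.0.0.0").packed,      # giaddr
        bytes.fromhex("aabbccddeeff"),      # chaddr (placeholder MAC)
        b"",                                # sname
        boot_file.encode("ascii"),          # file
    )
    options = bytes([OPT_MSG_TYPE, 1, 2, OPT_SERVER_ID, 4]) + IPv4Address(server_id).packed + bytes([OPT_END])
    return header + DHCP_MAGIC + options


if __name__ == "__main__":
    approved = {"10.0.0.1"}   # assumed legitimate DHCP/PXE server
    for label, pkt in [("sanctioned", build_reply("10.0.0.1", "10.0.0.1", "pxelinux.0")),
                       ("unexpected", build_reply("10.0.0.99", "10.0.0.99", "pxelinux.0"))]:
        print(label, assess(parse_dhcp(pkt), approved, approved))
```

In practice the raw payload would come from a packet capture or a DHCP-snooping sensor on the access layer; the check is deliberately keyed on the server identifier and siaddr rather than on the payload, because the pivoted variant described above reuses a perfectly ordinary kernel and kickstart and only the source host is anomalous.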