| VID |
16127 |
| Severity |
40 |
| Port |
69 |
| Protocol |
UDP |
| Class |
TFTP |
| Detailed Description |
The Kiwi CatTools TFTP server is vulnerable to a directory traversal attack. Kiwi CatTools is a freeware application for device configuration management. The TFTP server in Kiwi CatTools versions 2.0.0 through to 3.2.8 could could allow a remote attacker to traverse directories on the system, caused by failing to sanitize filenames of diretory traversal sequences. By sending a specially-crafted PUT or GET command containing "dot dot" directory traversal sequences (//..//), a remote attacker could traverse directories and upload or download files outside the TFTP root directory.
Example:
get [character]//..//..//[file]
put [character]//..//..//[file]
* References:
http://www.kiwisyslog.com/kb/idx/5/178/article/
http://www.securityfocus.com/archive/1/459500/30/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052288.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052697.html
http://www.frsirt.com/english/advisories/2007/0536
http://secunia.com/advisories/24103/
* Platforms Affected:
Kiwi Enterprises, Kiwi CatTools versions 2.0.0 through to 3.2.8
Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of Kiwi CatTools (3.2.9 or later), as listed in Kiwi Enterprises Security Advisory at http://www.kiwisyslog.com/kb/idx/5/178/article/ |
| Related URL |
CVE-2007-0888 (CVE) |
| Related URL |
22490 (SecurityFocus) |
| Related URL |
32398 (ISS) |
|
