Info |
Last Modified |
| 6 months ago |
|
|
Description |
Kiwi CatTools contains a flaw that allows a remote attacker to get and put files outside of the TFTP root path. The issue is due to the KiwiTFTP.dll server component not properly sanitizing user input, specifically directory traversal style attacks ([character]//..//) supplied via the get and put commands, resulting in a loss of confidentiality. This flaw could possibly lead to further attacks on the system by uploading arbitrary files.
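The check a TFTP server needs before opening a file named in a get or put request, as an added example (not Kiwi's code or patch): the filename is split into components and rejected if any component is a parent-directory reference, then the result is confirmed to sit under the root. The function names, the root `/srv/tftp` and the sample filenames are constructed for illustration.

```python
import posixpath


class TraversalError(ValueError):
    """The requested TFTP filename does not stay inside the TFTP root."""


def resolve_tftp_path(root: str, requested: str) -> str:
    """Map a client-supplied get/put filename to a path under root, or raise."""
    if not requested or "\x00" in requested:
        raise TraversalError("empty name or embedded NUL")
    # A Windows server accepts both separators, so normalise before checking.
    name = requested.replace("\\", "/")
    if ":" in name:
        raise TraversalError("drive or stream specifier in name")
    # Decide on parsed components, not substrings: doubled slashes such as
    # 'x//..//' collapse to the same components as 'x/../'.
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise TraversalError("parent-directory component in name")
    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_norm, *parts))
    # Defence in depth: the joined path must still be below the root.
    # (Lexical only; a real server should also resolve links on disk.)
    if posixpath.commonpath([root_norm, candidate]) != root_norm:
        raise TraversalError("resolved path escapes the TFTP root")
    return candidate


def check_requests(root: str, names: list) -> dict:
    """Return {name: resolved path, or None if the request is refused}."""
    results = {}
    for name in names:
        try:
            results[name] = resolve_tftp_path(root, name)
        except TraversalError:
            results[name] = None
    return results


if __name__ == "__main__":
    # Constructed sample filenames, as a server would receive them.
    samples = ["configs/router1.cfg", "x//..//..//outside.txt",
               "..\\..\\outside.txt", "C:\\outside.txt", "/router1.cfg"]
    for name, path in check_requests("/srv/tftp", samples).items():
        print(f"{name!r:32} -> {path or 'REFUSED'}")
```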
|
|
Classification |
Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
|
|
Solution |
Upgrade to Kiwi CatTools version 3.2.9 or higher, as it has been reported to fix this vulnerability. In addition, Kiwi Enterprises has released a patch to upgrade the "KiwiTFTP.dll" file to version 1.0.0.8.
|
|
Products |
|
Kiwi CatTools
 |
3.2.8 Beta |
3.2.7 |
3.2.6 |
3.2.5 |
3.2.4 |
3.2.3 |
3.2.2 |
3.2.1 |
3.2.0 Beta |
3.1.1 |
3.1.0 Beta |
3.0.x |
2.2.x |
2.1.x |
2.0.x |
|
|
Credit |
- Nicob - nicob
nicob.net -
|
|