Kiwi CatTools < 3.2.9 Directory Traversal Network Vulnerability

Summary

The remote tftpd server is affected by a directory traversal vulnerability. Description : Kiwi CatTools is installed on the remote host. The version installed is vulnerable to a directory traversal attack by using '[char]//..' sequences in the path. A attacker may be able to read and write files outside the tftp root.

Solution

Upgrade to Kiwi CatTools version 3.2.9 or later.

References

http://marc.theaimsgroup.com/?l=bugtraq&m=117097429127488&w=2
http://www.kiwisyslog.com/kb/idx/5/178/article/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-0888
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

TFTP directory traversal
FSP Suite Directory Traversal Vulnerability
thttpd ssi file retrieval
Test HTTP dangerous methods
AVG AntiVirus Engine Malware Detection Bypass Vulnerability (Linux)

Take action and discover your vulnerabilities