|Category:||Remote file access|
|Title:||Kiwi CatTools < 3.2.9 Directory Traversal|
|Summary:||The remote host appears to be running Kiwi CatTools, a freeware; application for device configuration management and is affected by a directory traversal vulnerability.|
The remote host appears to be running Kiwi CatTools, a freeware
application for device configuration management and is affected by a directory traversal vulnerability.
The TFTP server included with the version of Kiwi CatTools installed
on the remote host fails to sanitize filenames of directory traversal sequences.
An attacker can exploit this issue to get or put arbitrary
files on the affected host subject to the privileges of the user id
under which the server operates, LOCAL SYSTEM by default.
Upgrade to Kiwi CatTools version 3.2.9 or later.
BugTraq ID: 22490|
Common Vulnerability Exposure (CVE) ID: CVE-2007-0888
Bugtraq: 20070208 TFTP directory traversal in Kiwi CatTools (Google Search)
Bugtraq: 20070213 Re: TFTP directory traversal in Kiwi CatTools (Google Search)
XForce ISS Database: kiwicattools-tftp-directory-traversal(32398)
|Copyright||Copyright (C) 2008 Ferdy Riphagen|
|This is only one of 87302 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.