Kiwi CatTools < 3.2.9 Directory Traversal Network Vulnerability

Summary

The remote tftpd server is affected by a directory traversal vulnerability. Description : Kiwi CatTools is installed on the remote host. The version installed is vulnerable to a directory traversal attack by using '[char]//..' sequences in the path. A attacker may be able to read and write files outside the tftp root.

Solution

Upgrade to Kiwi CatTools version 3.2.9 or later.

References

http://marc.theaimsgroup.com/?l=bugtraq&m=117097429127488&w=2
http://www.kiwisyslog.com/kb/idx/5/178/article/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-0888

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Kiwi CatTools < 3.2.9 Directory Traversal
AVG AntiVirus Engine Malware Detection Bypass Vulnerability (Win)
AVG AntiVirus Engine Malware Detection Bypass Vulnerability (Linux)
Subversion SVN Protocol Parser Remote Integer Overflow
Kiwi CatTools < 3.2.9 Directory Traversal

Take action and discover your vulnerabilities