BID:22490

Kiwi CatTools TFTP Directory Traversal Vulnerability

Info

Kiwi CatTools TFTP Directory Traversal Vulnerability

Bugtraq ID:	22490
Class:	Input Validation Error
CVE:	CVE-2007-0888
Remote:	Yes
Local:	No
Published:	Feb 08 2007 12:00AM
Updated:	Feb 20 2007 10:36PM
Credit:	Nicob is credited with the discovery of this vulnerability.
Vulnerable:	Kiwi CatTools 3.2.8 Kiwi CatTools 3.1 Kiwi CatTools 2.0 Kiwi CatTools 3.2.0 beta

Not Vulnerable:	Kiwi CatTools 3.2.9

Discussion

Kiwi CatTools TFTP Directory Traversal Vulnerability

Kiwi CatTools is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve or write arbitrary files on vulnerable computers in the context of the affected application. This may aid in further attacks.

This issue affects versions 2.0.0 through 3.2.8.

Exploit / POC

Kiwi CatTools TFTP Directory Traversal Vulnerability

Attackers may exploit this vulnerability via a TFTP client.

The following proof of concept is available:

tftp -i 10.11.12.13 GET a//..//..//..//..//..//boot.ini
tftp -i 10.11.12.13 PUT foo.exe a//..//trojan.exe

Solution / Fix

Kiwi CatTools TFTP Directory Traversal Vulnerability

Solution:
The vendor released an update to address this issue. Please contact the vendor for information on how to obtain and apply this update.

Kiwi CatTools 3.2.0 beta

Kiwi Kiwi_CatTools_TFTP_Upgrade_1.0.0.8.Setup.exe
http://www.kiwitools.com/downloads/cattools/Kiwi_CatTools_TFTP_Upgrade _1.0.0.8.Setup.exe

Kiwi CatTools 2.0

Kiwi Kiwi_CatTools_TFTP_Upgrade_1.0.0.8.Setup.exe
http://www.kiwitools.com/downloads/cattools/Kiwi_CatTools_TFTP_Upgrade _1.0.0.8.Setup.exe

Kiwi CatTools 3.1

Kiwi Kiwi_CatTools_TFTP_Upgrade_1.0.0.8.Setup.exe
http://www.kiwitools.com/downloads/cattools/Kiwi_CatTools_TFTP_Upgrade _1.0.0.8.Setup.exe

Kiwi CatTools 3.2.8

Kiwi Kiwi_CatTools_TFTP_Upgrade_1.0.0.8.Setup.exe
http://www.kiwitools.com/downloads/cattools/Kiwi_CatTools_TFTP_Upgrade _1.0.0.8.Setup.exe

References

Kiwi CatTools TFTP Directory Traversal Vulnerability

References:

Kiwi CatTools Homepage (Kiwi)
PATCH AVAILABLE: TFTP server upgrade (Kiwi)
TFTP directory traversal in Kiwi CatTools ([email protected])