Motorola Timbuktu Pro Directory Traversal Vulnerability
BID:25453
Info
Motorola Timbuktu Pro Directory Traversal Vulnerability
| Bugtraq ID: | 25453 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-4220 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 27 2007 12:00AM |
| Updated: | Sep 25 2007 10:29PM |
| Credit: | Titon of BastardLabs is credited with the discovery of this vulnerability. |
| Vulnerable: |
Motorola Timbuktu Pro for Windows 8.6.3 .1367 |
| Not Vulnerable: |
Motorola Timbuktu Pro for Windows 8.6.5 |
Discussion
Motorola Timbuktu Pro Directory Traversal Vulnerability
Motorola Timbuktu Pro is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting this issue may allow an attacker to delete or create arbitrary files with SYSTEM-level privileges. This could completely compromise affected computers.
Timbuktu Pro 8.6.3.1367 for Windows is vulnerable; other versions and platforms may also be affected.
Motorola Timbuktu Pro is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting this issue may allow an attacker to delete or create arbitrary files with SYSTEM-level privileges. This could completely compromise affected computers.
Timbuktu Pro 8.6.3.1367 for Windows is vulnerable; other versions and platforms may also be affected.
Exploit / POC
Motorola Timbuktu Pro Directory Traversal Vulnerability
Attackers can exploit this issue using readily available networking utilities.
The following exploit is available:
Attackers can exploit this issue using readily available networking utilities.
The following exploit is available:
Solution / Fix
Motorola Timbuktu Pro Directory Traversal Vulnerability
Solution:
The vendor released Timbuktu Pro 8.6.5 to address this issue. Please see the referenced release notes for details and contact the vendor for information on how to obtain the update.
Solution:
The vendor released Timbuktu Pro 8.6.5 to address this issue. Please see the referenced release notes for details and contact the vendor for information on how to obtain the update.
References
Motorola Timbuktu Pro Directory Traversal Vulnerability
References:
References:
- Motorola Timbuktu Pro Directory Traversal Vulnerability (iDefense Labs)
- Release Notes, version 8.6.5 (Motorola)
- Timbuktu Pro Homepage (Motorola)
- iDefense Security Advisory 08.27.07: Motorola Timbuktu Pro Directory Traversal (iDefense Labs)