|
|
Family: Remote file access --> Category: attack
Kiwi CatTools < 3.2.9 Directory Traversal Vulnerability Scan
Vulnerability Scan Summary
Try to grab a file outside the tftp root
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote TFTP server is affected by a directory traversal
vulnerability.
Description :
The remote host appears to be running Kiwi CatTools, a freeware
application for device configuration management.
The TFTP server included with the version of Kiwi CatTools installed
on the remote host fails to sanitize filenames of diretory traversal
sequences. A possible hacker can exploit this issue to get or put arbitrary
files on the affected host subject to the rights of the user id
under which the server operates, LOCAL SYSTEM by default.
See also :
http://www.securityfocus.com/archive/1/459500/30/0/threaded
http://www.kiwisyslog.com/kb/idx/5/178/article/
Solution :
Upgrade to Kiwi CatTools version 3.2.9 or later.
Threat Level:
Critical / CVSS Base Score : 10.0
(AV:R/AC:L/Au:NR/C:C/I:C/A:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
