CVE-2007-0888 Information

Description

Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files and upload files to arbitrary locations via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.

Reference

http://secunia.com/advisories/24103 http://securityreason.com/securityalert/2236 http://www.kiwisyslog.com/kb/idx/5/178/article/ http://www.osvdb.org/33162 http://www.securityfocus.com/archive/1/459500/100/0/threaded http://www.securityfocus.com/archive/1/459933/100/0/threaded http://www.securityfocus.com/bid/22490 http://www.vupen.com/english/advisories/2007/0536 https://exchange.xforce.ibmcloud.com/vulnerabilities/32398