CVE-2008-1117 Information
Description
Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows and possibly 8.7 for Mac OS X allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.
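The defect described above is a separator-handling gap: a check that looks for `../` at the start of the destination name does not see a name that begins with a backslash. The following added example (not Timbuktu's code; the notes directory and the shape of the incomplete check are assumptions) contrasts that kind of prefix-only filter with a resolve-and-confine check that treats `\` and `/` alike, as Windows does:

```python
import ntpath
from typing import Optional

# Constructed base directory for received Notes; the real location
# used by Timbuktu Pro is not stated in the advisory (assumption).
NOTES_DIR = r"C:\ProgramData\Timbuktu\Notes"


def weak_prefix_check(name: str) -> bool:
    """Illustrative incomplete fix (assumption, not the vendor's code):
    it only rejects a destination name that *starts* with a traversal
    token, so a name beginning with a backslash slips through."""
    return not name.startswith(("../", "..\\"))


def is_confined(base: str, name: str) -> bool:
    """True only if `name` resolves to a file strictly inside `base`,
    treating both / and \\ as separators the way Windows does."""
    # Reject anything that is not a plain relative name up front:
    # drive letters ("C:"), UNC prefixes and separator-led names.
    if ntpath.splitdrive(name)[0] or name.startswith(("\\", "/")):
        return False
    # normpath collapses . and .. components and unifies separators,
    # so "sub/../x" and "\..\x" are judged on where they actually land.
    base_n = ntpath.normpath(base)
    full = ntpath.normpath(ntpath.join(base_n, name))
    # Case-insensitive prefix check; the trailing separator stops a
    # sibling directory such as "...\NotesEvil" from matching.
    return full.lower().startswith(base_n.lower() + "\\")


def safe_destination(base: str, name: str) -> Optional[str]:
    """Resolved absolute path for an accepted name, or None when the
    name would escape the notes directory."""
    if not is_confined(base, name):
        return None
    return ntpath.normpath(ntpath.join(ntpath.normpath(base), name))


if __name__ == "__main__":
    # Constructed destination names of the shape the advisory describes.
    for n in ["note.txt", "sub/../note.txt", "../note.txt", "\\../note.txt"]:
        print(f"{n!r:20} weak={weak_prefix_check(n)!s:5} "
              f"confined={is_confined(NOTES_DIR, n)}")
```

The point a defender should take from the output is that the prefix filter accepts `\../note.txt` while the confinement check rejects it, because only the latter reasons about the resolved path rather than the string.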
Reference
http://aluigi.altervista.org/adv/timbuto-adv.txt
http://aluigi.org/poc/timbuto.zip
http://secunia.com/advisories/29316
http://securityreason.com/securityalert/3741
http://www.coresecurity.com/?action=item&id=2166
http://www.securityfocus.com/archive/1/489360/100/0/threaded
http://www.securityfocus.com/archive/1/489382/100/0/threaded
http://www.securityfocus.com/archive/1/489414/100/0/threaded
http://www.securityfocus.com/bid/28081
http://www.vupen.com/english/advisories/2008/0840
https://www.exploit-db.com/exploits/4455
https://www.exploit-db.com/exploits/5238