CVE-2008-1117
Motorola Timbuktu Pro - Directory Traversal / Arbitrary File Upload
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.
Vulnerabilidad de salto de directorio en la utilidad de notas (también conocido como Flash Notes o mensajes intantáneos) en el módulo tb2ftp.dll de Timbuktu Pro 8.6.5 para Windows, y posiblemente en la versión 8.7 para Mac OS X, permite a atacantes remotos cargar ficheros en localizaciones arbitrarias mediante la utilización de un fichero de destino con un carácter \ (barra invertida) seguido de la secuencia de caracteres ../ (punto, punto y barra). NOTA: esto puede ser utilizado para ejecutar código al escribir el fichero en la carpeta "Inicio". NOTA: esta vulnerabilidad reportada está causada por una reparación incompleta de VE-2007-4220.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-03-03 CVE Reserved
- 2008-03-13 CVE Published
- 2010-11-24 First Exploit
- 2023-05-04 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://aluigi.altervista.org/adv/timbuto-adv.txt | X_refsource_misc | |
| http://securityreason.com/securityalert/3741 | Third Party Advisory | |
| http://www.coresecurity.com/?action=item&id=2166 | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/489360/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/489382/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/489414/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/28081 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/0840 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/16339 | 2010-11-24 | |
| https://www.exploit-db.com/exploits/4455 | 2024-08-07 | |
| https://www.exploit-db.com/exploits/5238 | 2024-08-07 | |
| http://aluigi.org/poc/timbuto.zip | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/29316 | 2018-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netopia Search vendor "Netopia" | Timbuktu Pro Search vendor "Netopia" for product "Timbuktu Pro" | 8.6.5 Search vendor "Netopia" for product "Timbuktu Pro" and version "8.6.5" | windows |
Affected
| ||||||