CVE-2008-1118
Motorola Timbuktu Pro 8.6.5/8.7 - Directory Traversal / Log Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does not perform input validation before logging information fields taken from packets from a remote peer, which allows remote attackers to generate crafted log entries, and possibly avoid detection of attacks, via modified (1) computer name, (2) user name, and (3) IP address fields.
Timbuktu Pro 8.6.5 para Windows, y posiblemente la versión 8.7 para Mac OS X, no efectúa la validación de parámetros de entrada previos a los campos de registro de información que aparecen en paquetes enviados desde otro servicio remoto, permite a atacantes remotos generar entradas de registro falseadas y posiblemente evitar la detección de ataques mediante la modificación de los campos nombre de ordenador, nombre de usuario y dirección IP.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-03-03 CVE Reserved
- 2008-03-13 CVE Published
- 2024-04-26 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/3742 | Third Party Advisory | |
| http://www.coresecurity.com/?action=item&id=2166 | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/489414/100/0/threaded | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41330 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/5238 | 2024-08-07 | |
| http://www.securityfocus.com/bid/28081 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/29316 | 2018-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netopia Search vendor "Netopia" | Timbuktu Pro Search vendor "Netopia" for product "Timbuktu Pro" | 8.6.5 Search vendor "Netopia" for product "Timbuktu Pro" and version "8.6.5" | windows |
Affected
| ||||||