|
 |
|
Motorola Timbuktu Pro Denial of Service and Directory Traversal Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA29316
|
|
|
Release Date:
|
2008-03-11
|
|
Last Update:
|
2008-03-19
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Timbuktu Pro 8.x for Windows
|
| | CVE reference: | CVE-2008-1117 (Secunia mirror)
CVE-2008-1118 (Secunia mirror)
CVE-2008-1337 (Secunia mirror)
|
|
|
This advisory is currently marked as unpatched!
- Companies can be alerted when a patch is released! |
|
|
Description:
Some vulnerabilities have been discovered in Motorola Timbuktu Pro, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.
1) An error exists within the handling of attachments, which can be exploited to upload malicious files to arbitrary directories on a vulnerable system (e.g. the "Startup" folder") via a specially crafted message containing directory traversal sequences.
This is related to vulnerability #1 in:
SA26588
2) An error in the processing of instant messages can be exploited to terminate the application via specially crafted messages, containing e.g. an invalid "Version" field, sent to an affected system (port 407/TCP).
3) An error in the processing of instant messages can be exploited to consume a large amount of CPU resources by sending an incomplete message to an affected system (port 407/TCP).
NOTE: A log file manipulation issue via "\n" characters in specially crafted packets has also been reported.
The vulnerabilities are confirmed in Timbuktu Pro for Windows version 8.6.5 (RC 229). Other versions may also be affected.
Solution:
Use only in a trusted network environment.
Provided and/or discovered by:
Luigi Auriemma, independently discovered by Sebastián Muñiz, Core Security Technologies.
Changelog:
2008-03-12: Updated credits and "Original Advisory" section.
2008-03-19: Added CVE reference.
Original Advisory:
Luigi Auriemma:
http://aluigi.altervista.org/adv/timbuto-adv.txt
Core Security:
http://www.coresecurity.com/index.php...ontentMod&action=item&id=2166
Other References:
SA26588:
http://secunia.com/advisories/26588/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
1 Related Secunia Security Advisories
|
|
|
1. Motorola Timbuktu Pro Directory Traversal and Buffer Overflows
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
