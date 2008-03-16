16 Mar. 2008



Summary

Timbuktu Pro [1] is "a desktop-to-desktop remote control software for the Windows and Macintosh operating systems". The following vulnerabilities have been identified in Timbuktu Pro:



1) File transfer directory traversal (CVE-2008-1117): The '\' and '/' are not properly sanitized when checking the destination filename. The problem resides in the Notes feature implemented by tb2ftp.dll loaded by the tb2pro.exe. This is the main issue.



2) Log input manipulation (CVE-2008-1118): Several fields of the packet containing peer information (computer name, user name and IP address) are taken from the packet sent to the target and used to display this information on the screen of the target.



The vulnerabilities discovered in Timbuktu Pro allow a remote attacker to upload a file to an arbitrary location on the victim's machine and forge peer information on the log lines of the victim's application. For example, an attacker could write an executable in a startup directory of the victim's machine and wait for the user to restart his/her machine. Another example is to write a fake system DLL in an existing program directory, inducing Windows to load this module instead of the real DLL from C:\WINDOWS\system32\



Credit:

The information has been provided by Core Security Technologies Advisories.

The original article can be found at: http://www.coresecurity.com/?action=item&id=2166





http://www.securiteam.com/windowsntfocus/5PP0B1PNQI.html