CVE-2007-0888

Name of the Vulnerable Software and Affected Versions: Kiwi CatTools versions prior to 3.2.0 beta

Description: The issue allows remote attackers to read arbitrary files and upload files to arbitrary locations via ..// (dot dot) sequences in the pathname argument to an FTP GET or PUT command. This is a result of a directory traversal vulnerability in the TFTP server.

Recommendations: For versions prior to 3.2.0 beta, update to version 3.2.0 beta or later to resolve the issue. As a temporary workaround, consider restricting access to the TFTP server to minimize the risk of exploitation. Avoid using the ..// (dot dot) sequences in the pathname argument to an FTP GET or PUT command until the issue is resolved.