PT-2008-4088 · Bitkinex · Bitkinex

Tan Chew Keong · Published 2008-06-10 · Updated 2017-08-08 · CVE-2008-2635

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: BitKinex version 2.9.3

Description: The issue allows remote FTP and WebDAV servers to create or overwrite arbitrary files on the client system via directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in responses to specific commands, such as a LIST command from the BitKinex FTP client or a PROPFIND command from the BitKinex WebDAV client. This vulnerability can potentially be leveraged for code execution by writing to a Startup folder.

Recommendations: For BitKinex version 2.9.3, consider restricting access to the FTP and WebDAV clients until a patch is available, and avoid using these clients to connect to untrusted servers. As a temporary workaround, restrict write access to sensitive folders, such as Startup folders, to minimize the risk of exploitation.
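The defensive check a client should apply before writing a server-supplied entry name (from a LIST or PROPFIND response) under its download directory, as an added example that is not BitKinex's code. The function names, the download root "/tmp/dl" and the sample listing are constructed for illustration.

```python
import os
from typing import List, Optional, Tuple

def safe_local_path(download_root: str, remote_name: str) -> Optional[str]:
    """Map a server-supplied entry name onto a path under download_root.

    Returns the local path to write to, or None when the name would escape
    the download directory (the traversal the advisory describes).
    """
    # FTP and WebDAV servers may send either separator; treat both alike.
    name = remote_name.replace("\\", "/")
    # Reject absolute paths and Windows drive-letter prefixes outright.
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        return None
    # Drop empty and "." components; any ".." component is a traversal attempt.
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if not parts or any(p == ".." for p in parts):
        return None
    root = os.path.realpath(download_root)
    candidate = os.path.realpath(os.path.join(root, *parts))
    # Second line of defence: the resolved path must still sit inside root.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def filter_listing(download_root: str, entries: List[str]) -> Tuple[List[str], List[str]]:
    """Split a directory listing into entries safe to download and entries to reject."""
    accepted, rejected = [], []
    for entry in entries:
        (accepted if safe_local_path(download_root, entry) else rejected).append(entry)
    return accepted, rejected

# Constructed listing, as a malicious server might return it.
SAMPLE_LISTING = [
    "report.txt",
    "docs/manual.pdf",
    "../../Start Menu/Programs/Startup/update.exe",  # dot-dot traversal
    "..\\..\\Startup\\update.exe",                   # backslash variant
    "C:/Users/Public/update.exe",                    # drive-letter absolute path
    "/etc/cron.d/update",                            # POSIX absolute path
    "./notes/./todo.txt",                            # harmless "." components
]

if __name__ == "__main__":
    ok, bad = filter_listing("/tmp/dl", SAMPLE_LISTING)
    print("accepted:", ok)
    print("rejected:", bad)
```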

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2008-2635

Affected Products

Bitkinex