Timbuktu Pro < 8.6.5 Multiple Vulnerabilities

critical Nessus Plugin ID 25954

Synopsis

The remote Windows host has a program that is affected by multiple issues.

Description

According to its version, the installation of Timbuktu Pro on the remote host is reportedly affected by three buffer overflows that can be exploited without authentication to crash the service or execute arbitrary code on the affected host with SYSTEM privileges.

In addition, the application may allow the creation or deletion of arbitrary files with SYSTEM privileges on the affected host.

Solution

Upgrade to Timbuktu Pro for Windows version 8.6.5 or later.

See Also

http://www.nessus.org/u?0e048278

http://www.nessus.org/u?83c900c6

https://seclists.org/bugtraq/2007/Aug/424

https://seclists.org/bugtraq/2007/Aug/425

http://www.nessus.org/u?f33df19c

Plugin Details

Severity: Critical

ID: 25954

File Name: timbuktu_865.nasl

Version: 1.14

Type: local

Agent: windows

Family: Windows

Published: 8/30/2007

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2007-4220, CVE-2007-4221

BID: 25453, 25454

CWE: 119, 20, 22