TITLE:
Motorola Timbuktu Pro Denial of Service and File Upload Vulnerabilities

SECUNIA ADVISORY ID:
SA29316

VERIFY ADVISORY:
http://secunia.com/advisories/29316/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
Timbuktu Pro 8.x for Windows
http://secunia.com/product/9996/

DESCRIPTION:
Luigi Auriemma has discovered some vulnerabilities in Motorola Timbuktu Pro, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.

1) An error exists within the handling of attachments, which can be exploited to upload malicious files to arbitrary directories on a vulnerable system (e.g. the "Startup" folder) via a specially crafted message containing directory traversal sequences.

This is related to vulnerability #1 in:
SA26588

2) An error in the processing of instant messages can be exploited to terminate the application via specially crafted messages, containing e.g. an invalid "Version" field, sent to an affected system (port 407/TCP).

3) An error in the processing of instant messages can be exploited to consume a large amount of CPU resources by sending an incomplete message to an affected system (port 407/TCP).

The vulnerabilities are confirmed in Timbuktu Pro for Windows version 8.6.5 (RC 229). Other versions may also be affected.

SOLUTION:
Use only in a trusted network environment.

PROVIDED AND/OR DISCOVERED BY:
Luigi Auriemma

ORIGINAL ADVISORY:
http://aluigi.altervista.org/adv/timbuto-adv.txt

OTHER REFERENCES:
SA26588:
http://secunia.com/advisories/26588/
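
ADDED EXAMPLE:
The class of flaw in item 1 (a sender-supplied attachment name resolved outside the receive directory) is shown below as a flawed join beside a validated one. This is an added illustration, not code from Timbuktu Pro, Secunia or the original advisory; the receive directory, function names and sample attachment names are assumptions constructed for the example.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed receive directory (an assumption for this example).
RECEIVE_DIR = r"C:\Users\alice\Received"

def is_inside(path):
    """True if the normalised path lies under RECEIVE_DIR."""
    try:
        common = ntpath.commonpath([RECEIVE_DIR, ntpath.normpath(path)])
    except ValueError:  # different drive letter
        return False
    return common == RECEIVE_DIR

def naive_destination(name):
    """Flawed pattern: joins the sender-supplied name with no checks."""
    return ntpath.normpath(ntpath.join(RECEIVE_DIR, name))

def safe_destination(name):
    """Return a destination under RECEIVE_DIR or raise ValueError."""
    # A legitimate name is one path component: no separators, no drive
    # letter or alternate data stream (':'), no NUL byte.
    if any(c in name for c in "\\/:\x00"):
        raise ValueError("separator, drive or NUL in attachment name")
    # Windows drops trailing dots and spaces, which also covers "." and "..".
    if not name or name != name.rstrip(". "):
        raise ValueError("empty name or trailing dot/space")
    dest = ntpath.normpath(ntpath.join(RECEIVE_DIR, name))
    # Defence in depth: re-check containment on the final path.
    if dest == RECEIVE_DIR or not is_inside(dest):
        raise ValueError("destination escapes the receive directory")
    return dest

def audit(names):
    """Map each name to (naive path stays inside?, safe path or None)."""
    report = {}
    for name in names:
        try:
            safe = safe_destination(name)
        except ValueError:
            safe = None
        report[name] = (is_inside(naive_destination(name)), safe)
    return report

if __name__ == "__main__":
    # Constructed attachment names, not taken from the advisory.
    samples = ["report.pdf", r"..\..\Startup\x.exe", "../x.exe", r"D:\x.exe"]
    for item in audit(samples).items():
        print(item)
```

Reserved device names and filesystem permissions on the receive directory are outside what this sketch checks.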