Security vulnerability in Timbuktu remote control software
The Timbuktu remote control software from Motorola contains multiple security vulnerabilities which unauthenticated attackers can exploit to remotely inject and execute arbitrary program code. A further vulnerability enables the creation of files and deletion of existing files on a system running the product.
According to security advisories from iDefense, specially crafted network requests and excess length login names can cause a buffer overflow on the heap. While establishing a connection to a Timbuktu server, specially crafted response packets, for instance from scanned servers, can be used to trigger a buffer overflow. A further vulnerability affects file transfers: due to missing verification on directory traversal constructs (path specifications containing ../ entries), attackers can create arbitrary files with system privileges. In the case of previously existing files, the software changes the names, but if the file transfer is aborted, the originally specified file is deleted.
The buffer overflow fault affects Timbuktu Version 126.96.36.1997 for Windows and possibly older versions, whereas the directory traversal vulnerability also affects the Mac version. The vulnerabilities have been eliminated in Timbuktu 8.6.5, released by Motorola. Administrators should either install the new version or block or restrict access to TCP and UDP ports 407, on which the software listens for incoming connections.
- Motorola Timbuktu Multiple Buffer Overflow Vulnerabilities, security advisory from iDefense
- Motorola Timbuktu Pro Directory Traversal Vulnerability, security advisory from iDefense
- Download of the updated software (login required)