Published:2006/08/10  Last Updated:2008/05/21

JVN#62171179
Kiri directory traversal vulnerability

Overview

Database software Kiri contains a directory traversal vulnerability in its email analysis command.

Products Affected

  • Kiri ver9-2006
  • Kiri ver9-2005
  • Kiri ver9-2004

Description

Impact

If the email analysis command processes an email with an attachment with a particular file name, the attachment may be written to an unintended location.

Solution

Vendor Status

Vendor Status Last Update Vendor Notes
Kanrikogaku Kenkyusho, Ltd. Vulnerable 2007/06/08

References

JPCERT/CC Addendum

Credit

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2006-000641

Update History