search menu icon-carat-right cmu-wordmark

CERT Coordination Center

PTK contains multiple vulnerabilities

Vulnerability Note VU#845747

Original Release Date: 2009-03-13 | Last Revised: 2009-03-13


The PTK sleuthkit interface contains multiple vulnerabilities. If exploited, these vulnerabilities may allow an attacker to gain elevated privileges or conduct XSS attacks.


PTK is an interface to the sleuthkit forensic tools that uses Apache, PHP and MySQL. PTK versions 1.0.0 to 1.0.4 contain multiple vulnerabilities. These vulnerabilities may be triggered remotely or during the inspection of local HTML files that are rendered in web browsers.


A remote unauthenticated attacker may be able to execute arbitrary javascript or run commands in the context of the Apache web server.



Users and administrators are encouraged to update to the most recent version of PTK.

Do not connect PTK to untrusted networks

Systems running PTK should not be directly or indirectly (proxies, firewalls, etc) connected to the Internet or other untrusted networks. See the PTK security page for more information about running PTK and best practice network configurations. Note that XSS and other vulnerabilities could be triggered by local files, so this workaround is not likely to be effective in all cases.

Secure web browser configurations

Using secure browser configurations may mitigate these and future vulnerabilities.. See the Securing Your Web Browser document for more information.

Vendor Information


DFLabs Affected

Updated:  March 13, 2009



Vendor Statement

The supposed vulnerabilities underlined in the advisory have a very low impact in a real computer forensic environment, as explained in the FAQ file . Furthermore, they are actually not related to "Unauthenticated users" per se. Instead, it is more correct to use the term " a malicious user already connected to the system", since PTK makes an extensive User Auth Check since its beta version. Finally, all those supposed issues are already fixed in PTK Forensic 1.0.5 version, which has been released jan 23 2009.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

CVSS Metrics

Group Score Vector
Base 0 AV:--/AC:--/Au:--/C:--/I:--/A:--
Temporal 0 E:Not Defined (ND)/RL:Not Defined (ND)/RC:Not Defined (ND)
Environmental 0 CDP:Not Defined (ND)/TD:Not Defined (ND)/CR:Not Defined (ND)/IR:Not Defined (ND)/AR:Not Defined (ND)



Thanks to Gabriele Zanoni (Secure Network Srl, for reporting this issue, and thanks to DFLabs for providing technical information.

This document was written by Ryan Giobbi.

Other Information

CVE IDs: None
Severity Metric: 0.56
Date Public: 2009-03-13
Date First Published: 2009-03-13
Date Last Updated: 2009-03-13 14:47 UTC
Document Revision: 51

Sponsored by CISA.