| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 26 Nov 2007 12:53:01 -0000 From: VulnerabilityResearch@...italDefense.net To: bugtraq@...urityfocus.com Subject: 2007-06 Sentinel Protection Server Directory Traversal Title ----- Sentinel Protection Server Directory Traversal Severity -------- High Date Discovered --------------- October 10th, 2007 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Corey Lebleu Vulnerability Description ------------------------- A classic directory traversal condition exists within the Sentinel Protection Server. By sending in an HTTP GET request with a path of a file proceeded by and escaped traversal sequence, an attacker can leverage an arbitrary file access condition on the affected system. Solution Description -------------------- Digital Defense, Inc. initially notified SafeNet on October 12, 2007 and received confirmation from the notification on October 30, 2007. SafeNet informed DDI that it would be releasing a patch for this flaw on November 16, 2007. At this time, DDI does not have a resolution number for the SafeNet patch for this flaw. Tested Systems / Software (with versions) ----------------------------------------- Sentinel Protection Server 7.1 Other versions may be vulnerable to this flaw. Vendor Contact -------------- SafeNet http://www.safenet-inc.com/
Powered by blists - more mailing lists