lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20071126125301.11625.qmail@securityfocus.com>
Date: 26 Nov 2007 12:53:01 -0000
From: VulnerabilityResearch@...italDefense.net
To: bugtraq@...urityfocus.com
Subject: 2007-06 Sentinel Protection Server Directory Traversal

Title
-----
Sentinel Protection Server Directory Traversal

Severity
--------
High

Date Discovered
---------------
October 10th, 2007

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Corey Lebleu

Vulnerability Description
-------------------------
A classic directory traversal condition exists within the Sentinel Protection Server. By sending in an HTTP GET request with a path of a file proceeded by and escaped traversal sequence, an attacker can leverage an arbitrary file access condition on the affected system.

Solution Description
--------------------
Digital Defense, Inc. initially notified SafeNet on October 12, 2007 and received confirmation from the notification on October 30, 2007.  SafeNet informed DDI that it would be releasing a patch for this flaw on November 16, 2007.  At this time, DDI does not have a resolution number for the SafeNet patch for this flaw.    

Tested Systems / Software (with versions)
-----------------------------------------
Sentinel Protection Server 7.1
Other versions may be vulnerable to this flaw.

Vendor Contact
--------------
SafeNet
http://www.safenet-inc.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ