2007-06 Sentinel Protection Server Directory Traversal

From: VulnerabilityResearch@DigitalDefense.net
To: bugtraq@securityfocus.com
Subject: 2007-06 Sentinel Protection Server Directory Traversal

Sentinel Protection Server Directory Traversal


Date Discovered
October 10th, 2007

Discovered By
Digital Defense, Inc. Vulnerability Research Team
Credit: Corey Lebleu

Vulnerability Description
A classic directory traversal condition exists within the Sentinel Protection Server. By sending an HTTP GET request with the path of a file preceded by an escaped traversal sequence, an attacker can leverage an arbitrary file access condition on the affected system.
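
A server-side check for the condition described above, shown as an added example that is not part of the original advisory and is not SafeNet's code. The advisory does not say which escaping was used, so percent-encoding is assumed; the document root, function names, decode bound and sample paths are all constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

ROOT = "/srv/www"        # assumption: hypothetical document root
MAX_DECODE_ROUNDS = 5    # assumption: bound on nested percent-encoding


def fully_decode(raw_path):
    """Percent-decode until the value stops changing; None if the bound is hit."""
    current = raw_path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(current)
        if decoded == current:
            return current
        current = decoded
    return None  # still changing after the bound: treat as hostile


def resolve_under_root(raw_path, root=ROOT):
    """Map a request path to a file under root, or return None to reject it."""
    decoded = fully_decode(raw_path.split("?", 1)[0])
    if decoded is None or "\x00" in decoded:
        return None
    # Windows accepts both separators, so compare after folding "\" into "/".
    segments = decoded.replace("\\", "/").split("/")
    # Reject traversal, drive letters and alternate data streams outright
    # instead of trying to "clean" the path.
    if ".." in segments or any(":" in s for s in segments):
        return None
    candidate = posixpath.normpath(posixpath.join(root, *segments))
    # Containment check on the final path as a second line of defence.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


# Constructed request paths: two benign, three with escaped traversal.
SAMPLES = [
    "/index.html",
    "/docs/./help.htm",
    "/%2e%2e/%2e%2e/secret.txt",
    "/..%5c..%5csecret.txt",
    "/%252e%252e%252fsecret.txt",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{path!r:32} -> {resolve_under_root(path)}")
```

The check runs on the decoded path because a filter applied before decoding never sees the `..` segments that the escaping hides.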

Solution Description
Digital Defense, Inc. initially notified SafeNet on October 12, 2007 and received confirmation of the notification on October 30, 2007. SafeNet informed DDI that it would be releasing a patch for this flaw on November 16, 2007. At this time, DDI does not have a resolution number for the SafeNet patch for this flaw.

Tested Systems / Software (with versions)
Sentinel Protection Server 7.1
Other versions may be vulnerable to this flaw.

Vendor Contact
