A classic directory traversal condition exists within the Sentinel Protection Server. By sending in an HTTP GET request with a path of a file proceeded by and escaped traversal sequence, an attacker can leverage an arbitrary file access condition on the affected system. Sentinel Protection Server version 7.1 is affected.
dffb03dd9181a15df67067f309c62e9515445ba6b21dab2a0a783789bdd11745Title
-----
Sentinel Protection Server Directory Traversal
Severity
--------
High
Date Discovered
---------------
October 10th, 2007
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Corey Lebleu
Vulnerability Description
-------------------------
A classic directory traversal condition exists within the Sentinel Protection Server. By sending in an HTTP GET request with a path of a file proceeded by and escaped traversal sequence, an attacker can leverage an arbitrary file access condition on the affected system.
Solution Description
--------------------
Digital Defense, Inc. initially notified SafeNet on October 12, 2007 and received confirmation from the notification on October 30, 2007. SafeNet informed DDI that it would be releasing a patch for this flaw on November 16, 2007. At this time, DDI does not have a resolution number for the SafeNet patch for this flaw.
Tested Systems / Software (with versions)
-----------------------------------------
Sentinel Protection Server 7.1
Other versions may be vulnerable to this flaw.
Vendor Contact
--------------
SafeNet
http://www.safenet-inc.com/
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed