2007-06 Sentinel Protection Server Directory Traversal

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: 2007-06 Sentinel Protection Server Directory Traversal
From: VulnerabilityResearch@xxxxxxxxxxxxxxxxxx
Date: 26 Nov 2007 12:53:01 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Title
-----
Sentinel Protection Server Directory Traversal

Severity
--------
High

Date Discovered
---------------
October 10th, 2007

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Corey Lebleu

Vulnerability Description
-------------------------
A classic directory traversal condition exists within the Sentinel Protection 
Server. By sending in an HTTP GET request with a path of a file proceeded by 
and escaped traversal sequence, an attacker can leverage an arbitrary file 
access condition on the affected system.

Solution Description
--------------------
Digital Defense, Inc. initially notified SafeNet on October 12, 2007 and 
received confirmation from the notification on October 30, 2007.  SafeNet 
informed DDI that it would be releasing a patch for this flaw on November 16, 
2007.  At this time, DDI does not have a resolution number for the SafeNet 
patch for this flaw.    

Tested Systems / Software (with versions)
-----------------------------------------
Sentinel Protection Server 7.1
Other versions may be vulnerable to this flaw.

Vendor Contact
--------------
SafeNet
http://www.safenet-inc.com/

Prev by Date: [ GLSA 200711-33 ] nss_ldap: Information disclosure
Next by Date: [ GLSA 200711-34 ] CSTeX: Multiple vulnerabilities
Previous by thread: [ GLSA 200711-33 ] nss_ldap: Information disclosure
Next by thread: [ GLSA 200711-34 ] CSTeX: Multiple vulnerabilities
Index(es):
- Date
- Thread