2007-06 Sentinel Protection Server Directory Traversal

2007-11-27T00:00:00
ID SECURITYVULNS:DOC:18509
Type securityvulns
Reporter Securityvulns
Modified 2007-11-27T00:00:00

Description

Title

Sentinel Protection Server Directory Traversal

Severity

High

Date Discovered

October 10th, 2007

Discovered By

Digital Defense, Inc. Vulnerability Research Team

Credit: Corey Lebleu

Vulnerability Description

A classic directory traversal condition exists within the Sentinel Protection Server. By sending an HTTP GET request in which the path of a file is preceded by an escaped traversal sequence, an attacker can leverage an arbitrary file access condition on the affected system.
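
The general failure mode behind this class of flaw, shown from the server side as an added example (not code from the advisory or from SafeNet): a filter that inspects the raw request path misses escaped sequences, while decoding first and confining the normalized result to the document root rejects them. `DOC_ROOT`, the function names and the sample paths are constructed for illustration, and the advisory does not state how the affected server validates paths.

```python
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/srv/www"  # assumed document root, hypothetical


def naive_is_safe(raw_path):
    """Flawed filter: looks for '..' in the path before it is decoded."""
    return ".." not in raw_path


def resolve(raw_path, root=DOC_ROOT):
    """Return the confined absolute path, or None if the request is rejected."""
    decoded = unquote(raw_path)
    # Refuse paths that still decode further (double encoding) or carry NUL.
    if unquote(decoded) != decoded or "\x00" in decoded:
        return None
    # Treat backslashes as separators, as many Windows-hosted servers do.
    decoded = decoded.replace("\\", "/")
    # Normalize after decoding, then require the result to stay under root.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    # A real server would also resolve symlinks (os.path.realpath) here.
    return candidate


# Constructed request paths, not taken from the advisory.
SAMPLES = [
    "/index.html",
    "/docs/../index.html",
    "/%2e%2e/%2e%2e/etc/passwd",
    "/%2e%2e%5c%2e%2e%5cboot.ini",
    "/%252e%252e/secret.txt",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{path!r:34} naive_ok={naive_is_safe(path)!s:5} "
              f"resolved={resolve(path)}")
```

The naive filter passes the three escaped samples and rejects the harmless `/docs/../index.html`; the normalizing check does the opposite on both counts.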

Solution Description

Digital Defense, Inc. initially notified SafeNet on October 12, 2007, and received confirmation of the notification on October 30, 2007. SafeNet informed DDI that it would be releasing a patch for this flaw on November 16, 2007. At this time, DDI does not have a resolution number for the SafeNet patch for this flaw.

Tested Systems / Software (with versions)

Sentinel Protection Server 7.1

Other versions may be vulnerable to this flaw.

Vendor Contact

SafeNet http://www.safenet-inc.com/