2007-06 Sentinel Protection Server Directory Traversal

Type securityvulns
Reporter Securityvulns
Modified 2007-11-27T00:00:00



Sentinel Protection Server Directory Traversal



Date Discovered

October 10th, 2007

Discovered By

Digital Defense, Inc. Vulnerability Research Team Credit: Corey Lebleu

Vulnerability Description

A classic directory traversal condition exists within the Sentinel Protection Server. By sending in an HTTP GET request with a path of a file proceeded by and escaped traversal sequence, an attacker can leverage an arbitrary file access condition on the affected system.

Solution Description

Digital Defense, Inc. initially notified SafeNet on October 12, 2007 and received confirmation from the notification on October 30, 2007. SafeNet informed DDI that it would be releasing a patch for this flaw on November 16, 2007. At this time, DDI does not have a resolution number for the SafeNet patch for this flaw.

Tested Systems / Software (with versions)

Sentinel Protection Server 7.1 Other versions may be vulnerable to this flaw.

Vendor Contact

SafeNet http://www.safenet-inc.com/