AOH :: HP Unsorted S :: TB13580.HTM

Sentinel Protection Server Directory Traversal



2007-06 Sentinel Protection Server Directory Traversal
2007-06 Sentinel Protection Server Directory Traversal



Title
-----
Sentinel Protection Server Directory Traversal

Severity
--------
High

Date Discovered
---------------
October 10th, 2007

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Corey Lebleu

Vulnerability Description
-------------------------
A classic directory traversal condition exists within the Sentinel Protection Server. By sending in an HTTP GET request with a path of a file proceeded by and escaped traversal sequence, an attacker can leverage an arbitrary file access condition on the affected system.

Solution Description
--------------------
Digital Defense, Inc. initially notified SafeNet on October 12, 2007 and received confirmation from the notification on October 30, 2007.  SafeNet informed DDI that it would be releasing a patch for this flaw on November 16, 2007.  At this time, DDI does not have a resolution number for the SafeNet patch for this flaw.

Tested Systems / Software (with versions)
-----------------------------------------
Sentinel Protection Server 7.1
Other versions may be vulnerable to this flaw.

Vendor Contact
--------------
SafeNet
http://www.safenet-inc.com/ 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.