Info

Disclosure

Apr 20, 2005

Discovery

Unknown

Dates

Exploit

Apr 20, 2005

Solution

Unknown

Description

SafeStone DetectIT may contain a flaw that allows a remote attacker to access files outside of the ftp root path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the ftp GET command.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Available

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

SafeStone

DetectIT

Unknown or Unspecified

References

Security Tracker: 1013809
Secunia Advisory ID: 15099
CVE ID: 2005-1243 (see also: NVD)
ISS X-Force ID: 20260
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0347.html
Vendor URL: http://www.safestone.com/products/detectit_overview.php
Other Advisory URL: http://www.venera.com/downloads/Canonicalization_problems_in_iSeries_FTP_security ......

Credit

Shalom Carmel - shalomvenera.com -

Direct URL: http://osvdb.org/36218