Broker 5.9.5.0 Directory Traversal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AFFECTED SYSTEMS

Broker 5.9.5.0

DESCRIPTION

Broker has the same *.lnk upload vulnerability as the one I recently found in WFTPD, with: PUT \local.lnk remote.lnk. We can create our own link, and this way we can traverse the home directory. It's even easier than the WFTPD bug, because we can point our *.lnk file to a directory, then we can just CD to the created link, and we're in the directory we're not supposed to be in.

IMPACT

Users with write permissions can traverse directories by uploading a lnk file pointing to the desired file / directory.

VENDOR STATUS

I have sent this advisory to <supportat_private>

=======================================================
[ByteRage] <byterageat_private> [www.byterage.cjb.net]
=======================================================
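One way a server operator or FTP server author could block the upload described above, as an added example that is not part of the original advisory or the vendor's code. The function names are hypothetical, and it assumes the server can call a policy hook with the requested remote name and the first bytes of the data before storing an upload.

```python
# Hypothetical upload gate: refuse anything that would land on disk as a
# Windows Shell Link, judged by its stored name and by its content.

# First 20 bytes of every .lnk file (MS-SHLLINK): HeaderSize 0x0000004C
# followed by the LinkCLSID 00021401-0000-0000-C000-000000000046.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


def normalized_name(remote_path: str) -> str:
    """Return the file name roughly as Windows will store it."""
    name = remote_path.replace("/", "\\").rsplit("\\", 1)[-1]
    name = name.split(":", 1)[0]       # drop an NTFS stream suffix (x.lnk::$DATA)
    return name.rstrip(". ").lower()   # Win32 strips trailing dots and spaces


def is_shell_link_name(remote_path: str) -> bool:
    """True when the stored file name would end in .lnk."""
    return normalized_name(remote_path).endswith(".lnk")


def is_shell_link_data(first_bytes: bytes) -> bool:
    """True when the data starts with the Shell Link header."""
    return first_bytes[:len(LNK_MAGIC)] == LNK_MAGIC


def allow_upload(remote_path: str, first_bytes: bytes) -> bool:
    """Policy decision: False means reject the transfer."""
    return not (is_shell_link_name(remote_path) or is_shell_link_data(first_bytes))


if __name__ == "__main__":
    # Constructed sample requests: (remote name, first bytes of the data).
    samples = [
        ("remote.lnk", b"not even a real link"),
        ("REMOTE.LNK. ", b""),
        ("docs/remote.lnk::$DATA", b""),
        ("notes.txt", LNK_MAGIC + b"\x00" * 56),
        ("notes.txt", b"plain text"),
    ]
    for name, data in samples:
        verdict = "allow" if allow_upload(name, data) else "reject"
        print(f"{verdict:6} {name!r}")
```

The content check also catches a link uploaded under a harmless name, which matters if the server lets users rename files afterwards.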
This archive was generated by hypermail 2b30 : Mon Jul 02 2001 - 02:23:16 PDT