PowerTech PowerLock Input Validation Vulnerability
BID:13312
Info
| Bugtraq ID: | 13312 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 21 2005 12:00AM |
| Updated: | Apr 21 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to "Shalom Carmel" <[email protected]>. |
| Vulnerable: | PowerTech PowerLock |
| Not Vulnerable: | |
Discussion
PowerTech PowerLock is prone to an input validation vulnerability. Reports indicate that the software fails to filter potentially dangerous character sequences from user requests. In particular, directory traversal sequences are not filtered by the product.
This vulnerability may lead to a false sense of security, where an administrator believes that they are immune to certain attacks, when in reality they are vulnerable.
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
It is reported that the vendor has addressed this issue. This is not confirmed. Customers are advised to contact the vendor for details regarding obtaining and applying appropriate updates.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- PowerLock Homepage (PowerTech Group)
- Canonicalization and directory traversal in iSeries FTP security products ("Shalom Carmel")