Software602 602 LAN Suite 2004 Directory Traversal Vulnerability
BID:13519
Info
Software602 602 LAN Suite 2004 Directory Traversal Vulnerability
| Bugtraq ID: | 13519 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 05 2005 12:00AM |
| Updated: | May 05 2005 12:00AM |
| Credit: | Discovery is credited to Dr_insane. |
| Vulnerable: |
Software602 602Pro LAN SUITE 2004 2004.0 .05.0413 |
| Not Vulnerable: |
Software602 602Pro LAN SUITE 2004 2004.0 .05.0509 |
Discussion
Software602 602 LAN Suite 2004 Directory Traversal Vulnerability
602 LAN Suite 2004 is reported prone to a directory traversal vulnerability.
It is reported that an attacker can exploit this issue to detect the presence of files on a computer and potentially cause a denial of service condition.
A successful attack may aid in further attacks against the system or lead to a crash due to resource exhaustion.
602 LAN Suite 2004 is reported prone to a directory traversal vulnerability.
It is reported that an attacker can exploit this issue to detect the presence of files on a computer and potentially cause a denial of service condition.
A successful attack may aid in further attacks against the system or lead to a crash due to resource exhaustion.
Exploit / POC
Software602 602 LAN Suite 2004 Directory Traversal Vulnerability
An exploit is not required.
The following proof of concept example is available:
http://www.example.com/mail?A=/../../../../../../../[file]
An exploit is not required.
The following proof of concept example is available:
http://www.example.com/mail?A=/../../../../../../../[file]
Solution / Fix
Software602 602 LAN Suite 2004 Directory Traversal Vulnerability
Solution:
The vendor has addressed this issue in 602LAN SUITE 2004 build 2004.0.05.0509:
Software602 602Pro LAN SUITE 2004 2004.0 .05.0413
Solution:
The vendor has addressed this issue in 602LAN SUITE 2004 build 2004.0.05.0509:
Software602 602Pro LAN SUITE 2004 2004.0 .05.0413
-
Software602 602 LAN Suite 2004 (Build 2004.0.05.0509)
http://www.software602.com/download/
References
Software602 602 LAN Suite 2004 Directory Traversal Vulnerability
References:
References:
- 602LAN SUITE 2004 Release Notes (Software602)
- 602Pro LAN SUITE Product Page (Software602)