[Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0
jfvanmeter at comcast.net
jfvanmeter at comcast.net
Tue Feb 12 17:04:16 GMT 2008
Interresting, how are you running the Get command? Is safenet installed on a workstation or server?
--John
-------------- Original message ----------------------
From: Luigi Auriemma <aluigi at autistici.org>
> jfvanmeter at comcast.net wrote:
> > Hello everyone, was the server rebooted after the patch was installed?
>
> Naturally, in fact before the patch I was able to exploit the directory
> traversal with both slash and backslash while after having applied the
> fix only when I use the backslash.
>
> I have also uninstalled, redownloaded and reinstalled both the program
> and the patch just in this moment and I can confirm the exact behaviour
> described above.
>
>
> ---
> Luigi Auriemma
> http://aluigi.org
Full-Disclosure is hosted and sponsored by Secunia.