[Full-disclosure] Directory traversal in SafeNet Sentinel Protection and Key Server 7.4.1.0
jfvanmeter at comcast.net
jfvanmeter at comcast.net
Tue Feb 12 17:28:18 GMT 2008
Were did you get version SafeNet Sentinel Protection and Key Server 7.4.1.0? All i see on the website is 7.4.0, and after I install the patch and reboot, it still shows as version 7.4.0.
http://www.safenet-inc.com/support/tech/sentinel.asp#
Thanks --John
-------------- Original message ----------------------
From: Luigi Auriemma <aluigi at autistici.org>
> jfvanmeter at comcast.net wrote:
> > Hello everyone, was the server rebooted after the patch was installed?
>
> Naturally, in fact before the patch I was able to exploit the directory
> traversal with both slash and backslash while after having applied the
> fix only when I use the backslash.
>
> I have also uninstalled, redownloaded and reinstalled both the program
> and the patch just in this moment and I can confirm the exact behaviour
> described above.
>
>
> ---
> Luigi Auriemma
> http://aluigi.org
Full-Disclosure is hosted and sponsored by Secunia.