Full Disclosure mailing list archives

[ADVISORY] | -Thu Mar 16 13:37:09 EST 2006- | Directory Transversal in ISC INN

From: sixsigma98 () hotmail com
Date: Thu, 16 Mar 2006 18:37:16 +0000 (GMT)




[ADVISORY] | -Thu Mar 16 13:37:09 EST 2006- | Directory Transversal in ISC INN




===================
1. Background
===================
There has had been no background commentary on this problem indentified.
===================
2. Description
===================
Remote exploitation of a directory traversal vulnerability in ISC INN could allow attackers to overwrite or view 
arbitrary files with user-supplied contents.

===================
3. History
===================
2-26-2006 - Vendor Notification.
1-15-2006 - Vendor Reply.
3-16-2006 - Public Disclosure.
===================
4. Workaround
===================
This vulnerability has no identified workarounds.
===================
5. CVE Information
===================
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-665571 to this issue

===================
Appendix A Vendor Information
===================
http://www.isc.org/index.pl?/sw/inn/

===================
Appendix B References
===================
RFC 1100

===================
Contact
===================
Ray P lolville () spam la
1-888-565-9428

GSAE GREM SSP-CNSA SSP-MPA GIPS GHTQ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

[ADVISORY] | -Thu Mar 16 13:37:09 EST 2006- | Directory Transversal in ISC INN sixsigma98 (Mar 16)