From: ByteRage (byterage YAHOO.COM)
Date: Sun Jul 01 2001 - 11:11:22 CDT
Broker 5.9.5.0 Directory Traversal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AFFECTED SYSTEMS
Broker 5.9.5.0
DESCRIPTION
Broker has the same *.lnk upload vulnerability as
the one I recently found in WFTPD. With:
PUT \local.lnk remote.lnk
we can create our own link; this way, we can traverse
the home directory. It's even easier than the WFTPD
bug, because we can point our *.lnk file to a
directory, then we can just CD to the created link,
and we're in the directory we're not supposed to be
in.
IMPACT
Users with write permissions can traverse directories
by uploading a lnk file pointing to the desired file /
directory.
VENDOR STATUS
I have sent this advisory to <support transsoft.com>
=======================================================
[ByteRage] <byterage yahoo.com> [www.byterage.cjb.net]
=======================================================
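
A server-side guard against the behaviour described in the advisory, as an added example that is not part of the original post and is not Broker's code: it refuses uploads that are shortcuts by name or by content, and refuses CD into any path component named *.lnk. The function names and the sample home directory are hypothetical.

```python
import ntpath

# Shell Link (.lnk) files begin with HeaderSize 0x0000004C followed by the
# fixed LinkCLSID 00021401-0000-0000-C000-000000000046 (MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")

HOME = "C:\\ftp\\users\\alice"  # constructed sample home directory


def is_shell_link(name, head=b""):
    """True if a file is a shortcut, judged by its name or its first bytes."""
    # Windows drops trailing dots and spaces, so "x.lnk." is stored as "x.lnk".
    base = ntpath.basename(name).rstrip(". ").lower()
    return base.endswith(".lnk") or head[:len(LNK_MAGIC)] == LNK_MAGIC


def inside_home(home, requested):
    """True if `requested`, resolved against `home`, stays under `home`."""
    home_n = ntpath.normcase(ntpath.normpath(home))
    joined = ntpath.join(home_n, requested.lstrip("\\/"))
    full = ntpath.normcase(ntpath.normpath(joined))
    return full == home_n or full.startswith(home_n.rstrip("\\") + "\\")


def allow_upload(home, remote_name, first_bytes):
    """Accept a PUT only if it lands under home and is not a shortcut."""
    return inside_home(home, remote_name) and not is_shell_link(
        remote_name, first_bytes)


def allow_cwd(home, target):
    """Accept a CD only if no path component is a shortcut to be followed."""
    parts = target.replace("/", "\\").split("\\")
    return inside_home(home, target) and not any(
        is_shell_link(p) for p in parts)


if __name__ == "__main__":
    print(allow_upload(HOME, "remote.lnk", LNK_MAGIC))       # shortcut by name
    print(allow_upload(HOME, "notes.txt", LNK_MAGIC + b"\0" * 56))  # by content
    print(allow_upload(HOME, "notes.txt", b"plain text"))    # ordinary file
    print(allow_cwd(HOME, "remote.lnk"))                     # CD into a link
```

The content check matters because a renamed shortcut keeps its header; the name check matters because the server in the advisory follows the link when it is used as a CD target.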