SafeNet Sentinel Protection Server and Sentinel Keys Server Path Traversal Vulnerability

Vulnerability ID: 1113994
Vulnerability type: Path traversal
Published: 2007-11-26
Updated: 2015-09-30
CVE ID: CVE-2007-6483
CNNVD-ID: CNNVD-201504-480
Platform: Windows
CVSS score: 5.0
|Vulnerability sources
https://www.exploit-db.com/exploits/30809
https://www.securityfocus.com/bid/76892
https://cxsecurity.com/issue/WLB-2014050107
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201504-480
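|Vulnerability details
SafeNet Sentinel Protection Server and Keys Server are both network encryption solutions from SafeNet. A directory traversal vulnerability exists in SafeNet Sentinel Protection Server versions 7.0.0 through 7.4.0 and in Sentinel Keys Server 1.0.3 and earlier. A remote attacker can exploit this vulnerability to read arbitrary files by means of the directory traversal characters '..' in the query string.
|Exploit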
source: http://www.securityfocus.com/bid/26583/info

Sentinel Protection Server and Keys Server are prone to a directory-traversal vulnerability because they fail to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.

This issue affects Protection Server 7.0.0 through 7.4.0, and Keys Server 1.0.3; earlier versions may also be vulnerable. 

http://www.example.com:6002/../../../../../../boot.ini
http://www.example.com:7002/../../../../../../winnt/repair/sam
|Affected products
Honeywell Experion PKS R310.3
Honeywell Experion PKS R310.0
|References

Source: BID
Name: 26583
Link: http://www.securityfocus.com/bid/26583