icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Software602 602Pro LAN SUITE < 2004.0.05.0509 Directory Traversal Arbitrary File Access

Medium

Synopsis

The remote host is vulnerable to a directory traversal flaw.

Description

The remote host is running the 602Pro LAN SUITE, an application that provides web, FTP, telnet, DNS, RealAudio, SSL services and proxying. This version of 602Pro LAN SUITE is vulnerable to a remote directory traversal attack within the 'mail' scripts 'A' parameter. An attacker exploiting this flaw would simply supply a typical '../../' directory traversal query to the 'A' parameter. Successful exploitation would give the attacker access to any files on the remote system. This introduces a loss of confidentiality.

Solution

Upgrade to version 2004.0.05.0509 or higher.