Software602 602Pro LAN SUITE < 2004.0.05.0509 Directory Traversal Arbitrary File Access
Medium Nessus Network Monitor Plugin ID 2883
SynopsisThe remote host is vulnerable to a directory traversal flaw.
DescriptionThe remote host is running the 602Pro LAN SUITE, an application that provides web, FTP, telnet, DNS, RealAudio, SSL services and proxying. This version of 602Pro LAN SUITE is vulnerable to a remote directory traversal attack within the 'mail' scripts 'A' parameter. An attacker exploiting this flaw would simply supply a typical '../../' directory traversal query to the 'A' parameter. Successful exploitation would give the attacker access to any files on the remote system. This introduces a loss of confidentiality.
SolutionUpgrade to version 2004.0.05.0509 or higher.