[VIM] vendor dispute for CAN-2005-1244 (NetIQ iSeries directory traversal)
Stuart Moore
smoore at securityglobal.net
Sun Oct 16 19:50:18 EDT 2005
This NetIQ report was not one of the disputes that we were involved with.
Stuart
security curmudgeon wrote:
> : CVE received an email from NetIQ disputing the following issue. The
> : dispute was apparently confirmed by another VDB. In the original
> : report, the researcher claims that NetIQ did not respond to his
> : inquiries, which probably contributed to the likely-incorrect report.
>
> I think I recall Stuart/SecTracker dealing with NetIQ over this, but not
> entirely sure. I also remember OSVDB working on this, and/or
> communicating with the vendor. We ended up adding it as a myth/fake
> report:
>
> http://osvdb.org/15791
>
> Vuln Desc:
> NetIQ Security Manager has been reported to contain a flaw allowing a
> remote attacker to access files outside of the FTP root path, bypassing
> its intended functionality. The original report indicated NetIQ and
> several other products were vulnerable to an underlying traversal issue in
> the iSeries product. Further examination and testing has revealed that
> NetIQ Security Manager is not vulnerable to this issue.
>
--
Stuart Moore
SecurityTracker.com
SecurityGlobal.net LLC
smoore at securityglobal.net
+1 301 495 5930 voice
+1 413 691 4346 fax