[VIM] vendor dispute for CAN-2005-1244 (NetIQ iSeries directory traversal)

security curmudgeon jericho at attrition.org
Sun Oct 16 06:23:42 EDT 2005


: CVE received an email from NetIQ disputing the following issue.  The 
: dispute was apparently confirmed by another VDB.  In the original 
: report, the researcher claims that NetIQ did not respond to his 
: inquiries, which probably contributed to the likely-incorrect report.

I think I recall Stuart/SecTracker dealing with NetIQ over this, but not 
entirely sure. I also remember OSVDB working on this, and/or 
communicating with the vendor. We ended up adding it as a myth/fake 
report:

http://osvdb.org/15791

Vuln Desc:
NetIQ Security Manager has been reported to contain a flaw allowing a 
remote attacker to access files outside of the FTP root path, bypassing 
its intended functionality. The original report indicated NetIQ and 
several other products were vulnerable to an underlying traversal issue in 
the iSeries product. Further examination and testing has revealed that 
NetIQ Security Manager is not vulnerable to this issue.

