[VIM] vendor dispute for CAN-2005-1244 (NetIQ iSeries directory traversal)
security curmudgeon
jericho at attrition.org
Sun Oct 16 06:23:42 EDT 2005
: CVE received an email from NetIQ disputing the following issue. The
: dispute was apparently confirmed by another VDB. In the original
: report, the researcher claims that NetIQ did not respond to his
: inquiries, which probably contributed to the likely-incorrect report.
I think I recall Stuart/SecTracker dealing with NetIQ over this, but not
entirely sure. I also remember OSVDB working on this, and/or
communicating with the vendor. We ended up adding it as a myth/fake
report:
http://osvdb.org/15791
Vuln Desc:
NetIQ Security Manager has been reported to contain a flaw allowing a
remote attacker to access files outside of the FTP root path, bypassing
its intended functionality. The original report indicated NetIQ and
several other products were vulnerable to an underlying traversal issue in
the iSeries product. Further examination and testing has revealed that
NetIQ Security Manager is not vulnerable to this issue.