[VIM] vendor dispute for CAN-2005-1244 (NetIQ iSeries directory traversal)

Stuart Moore smoore at securityglobal.net
Sun Oct 16 19:50:18 EDT 2005

This NetIQ report was not one of the disputes that we were involved with.


security curmudgeon wrote:
> : CVE received an email from NetIQ disputing the following issue.  The 
> : dispute was apparently confirmed by another VDB.  In the original 
> : report, the researcher claims that NetIQ did not respond to his 
> : inquiries, which probably contributed to the likely-incorrect report.
> I think I recall Stuart/SecTracker dealing with NetIQ over this, but not 
> entirely sure. I also remember OSVDB working on this, and/or 
> communicating with the vendor. We ended up adding it as a myth/fake 
> report:
> http://osvdb.org/15791
> Vuln Desc:
> NetIQ Security Manager has been reported to contain a flaw allowing a 
> remote attacker to access files outside of the FTP root path, bypassing 
> its intended functionality. The original report indicated NetIQ and 
> several other products were vulnerable to an underlying traversal issue in 
> the iSeries product. Further examination and testing has revealed that 
> NetiQ Security Manager is not vulnerable to this issue.

Stuart Moore
SecurityGlobal.net LLC
smoore at securityglobal.net
+1 301 495 5930 voice
+1 413 691 4346 fax

More information about the VIM mailing list