[VIM] Vendor ACK for 123 Flash Chat issue

Steven M. Christey coley at linus.mitre.org
Wed Jan 18 03:12:22 EST 2006

Re: CVE-2006-0223 (see below)

Researcher claimed ACK but changelog was vague.

They responded within less than an hour - very nice!

---------- Forwarded message ----------
Date: Wed, 18 Jan 06 16:12:22 +0800
From: [Support]
To: coley at mitre.org
Subject: [CLD-49053]: 123flashchat server vulnerability

====== Please reply above this line ======

123flashchat server vulnerability

yes, this is a vulnerability in our old versin 5.1, and we fixed it in 5.1_2.
Thanks for contacting us!

Ticket Details
Ticket ID: CLD-49053
Department: 123 Flash Chat Support
Created On: 18 Jan 2006 03:24 PM
Last Update: 18 Jan 2006 03:24 PM
Status: Closed

<ticket no="CLD-49053"/>

Name: CVE-2006-0223
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0223
Reference: MISC:http://www.123flashchat.com/flash-chat-server-v512.html
Reference: BID:16235
Reference: URL:http://www.securityfocus.com/bid/16235
Reference: FRSIRT:ADV-2006-0198
Reference: URL:http://www.frsirt.com/english/advisories/2006/0198
Reference: OSVDB:22440
Reference: URL:http://www.osvdb.org/22440
Reference: SECUNIA:18455
Reference: URL:http://secunia.com/advisories/18455

Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat
Server Software 5.1 allows attackers to create or overwrite arbitrary
files on the server via ".." (dot dot) sequences in the username

More information about the VIM mailing list