Full Disclosure mailing list archives

-ADVISORY- % x Thu Mar 16 14:29:16 EST 2006 x % Directory Transversal in ISC NTP

From: Ryan Smith <whatstheaddress () gmail com>
Date: Thu, 16 Mar 2006 19:29:29 +0000 (GMT)




-ADVISORY- % x Thu Mar 16 14:29:16 EST 2006 x % Directory Transversal in ISC NTP




8=====================D~~~~~~~~~~
8===D BACKGROUND
8=====================D~~~~~~~~~~
There has been no background.
8=====================D~~~~~~~~~~
8===D DESCRIPTION
8=====================D~~~~~~~~~~
Remote exploitation of a directory traversal vulnerability in ISC NTP could allow attackers to overwrite or view 
arbitrary files with user-supplied contents.

8=====================D~~~~~~~~~~
8===D HISTORY
8=====================D~~~~~~~~~~
29/1/2006 8==D Vendor Notification.
16/3/2006 8==D Public Disclosure.
8=====================D~~~~~~~~~~
8===D CVE INFORMATION
8=====================D~~~~~~~~~~
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2006-478482 to this issue

8=====================D~~~~~~~~~~
APPENDIX A VENDOR INFORMATION
8=====================D~~~~~~~~~~
http://www.isc.org/index.pl?/sw/ntp/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

-ADVISORY- % x Thu Mar 16 14:29:16 EST 2006 x % Directory Transversal in ISC NTP Ryan Smith (Mar 16)