Advisory * +Thu Mar 16 21:05:17 EST 2006+ * Directory Transversal in ISC INN +++++++++++++++++++++++++++++++++++++++++++ I. Description Remote exploitation of a directory traversal vulnerability in ISC INN could allow attackers to overwrite or view arbitrary files with user-supplied contents. +++++++++++++++++++++++++++++++++++++++++++ II. History 18-2-2006 - Vendor Reply. 16-3-2006 - Public Disclosure. +++++++++++++++++++++++++++++++++++++++++++ III. Workaround This vulnerability had no workarounds on the vulnerability at hand. +++++++++++++++++++++++++++++++++++++++++++ IV. Vendor Response ISC INN is extended no identified explanation about this vulnerability indentified. +++++++++++++++++++++++++++++++++++++++++++ Appendix A Vendor Information http://www.isc.org/index.pl?/sw/inn/ +++++++++++++++++++++++++++++++++++++++++++ Appendix B References RFC 6489 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
