[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DDIVRT-2013-52 Dell EqualLogic PS6110X Directory Traversal

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: DDIVRT-2013-52 Dell EqualLogic PS6110X Directory Traversal
From: ddivulnalert@xxxxxxxxxxxxxxxx
Date: Mon, 15 Apr 2013 14:48:39 GMT

Title
-----
DDIVRT-2013-52 Dell EqualLogic PS6110X Directory Traversal

Severity
--------
High

Discovered By
-------------
Evan Sylvester and r@b13$

Date Discovered
---------------
February 19, 2013

Vulnerability Description
-------------------------
The Dell EqualLogic PS6110X is vulnerable to a directory traversal. A remote 
unauthenticated attacker can leverage this vulnerability to traverse out of the 
web root and retrieve arbitrary system files.

Solution Description
--------------------
Dell has stated that the vulnerability described will be addressed in both the 
next maintenance release of the firmware, version 6.0.4, and in the next major 
firmware version. Dell plans to release the updated firmware on April 15, 2013 
and has stated that it will be available to customers with valid support 
agreements through the EqualLogic support website 
(https://support.equallogic.com/).

Tested Systems / Software (with versions)
------------------------------------------
Dell EqualLogic PS6110X ? Firmware version: 6.0.0 through 6.0.3

Vendor Contact
--------------
Dell EqualLogic
https://support.equallogic.com

Prev by Date: [ MDVSA-2013:143 ] poppler
Next by Date: [security bulletin] HPSBUX02866 SSRT101139 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
Previous by thread: [ MDVSA-2013:143 ] poppler
Next by thread: [security bulletin] HPSBUX02866 SSRT101139 rev.1 - HP-UX Running Apache, Remote Denial of Service (DoS), Execution of Arbitrary Code and other vulnerabilities
Index(es):
- Date
- Thread