COMMAND

    Broker

SYSTEMS AFFECTED

    Broker 5.9.5.0

PROBLEM

    'ByteRage' found the following.  Broker has the same *.lnk upload
    vulnerability as the one recently found in WFTPD, with:

        PUT \local.lnk remote.lnk

    We can create our own link and, this way, traverse out of the
    home directory.  It's even easier than the WFTPD bug, because we
    can point our *.lnk file to a directory, then just CD to the
    created link, and we're in the directory we're not supposed to
    be in.

    Users with write permissions can traverse directories by
    uploading a .lnk file pointing to the desired file / directory.

SOLUTION

    Vendor knows about it.
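
    Added example (not from the advisory or from Broker's code): a
    server-side check that refuses Windows shell links on upload, by
    name and by the Shell Link header signature, plus an audit pass
    over an existing home tree.  The function names and the sample
    bytes are assumptions constructed for illustration.

```python
from __future__ import annotations
import os

# A Shell Link (.lnk) file starts with HeaderSize 0x4C followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 (MS-SHLLINK header).
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


def is_shell_link(data: bytes) -> bool:
    """True if the leading bytes carry the Shell Link signature."""
    return data[:len(LNK_MAGIC)] == LNK_MAGIC


def check_upload(remote_name: str, data: bytes) -> tuple[bool, str]:
    """Decide whether a PUT may be stored. Returns (allowed, reason)."""
    # Windows drops trailing dots and spaces from file names, so
    # "x.lnk." lands on disk as "x.lnk"; normalise before comparing.
    name = remote_name.rstrip(". ").lower()
    if name.endswith(".lnk"):
        return False, "blocked extension"
    if is_shell_link(data):
        return False, "shell link content"
    return True, "ok"


def find_links(root: str) -> list[str]:
    """Audit an existing FTP home tree for links already uploaded."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            with open(path, "rb") as fh:
                head = fh.read(len(LNK_MAGIC))
            if not check_upload(fname, head)[0]:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample: signature plus zero padding, not a real link.
    sample = LNK_MAGIC + b"\x00" * 56
    print(check_upload("remote.lnk", sample))
    print(check_upload("notes.txt", sample))
    print(check_upload("notes.txt", b"plain text"))
```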