COMMAND

    Viking

SYSTEMS AFFECTED

    Viking v1.07

PROBLEM

    Joe Testa  found following.   Viking v1.07  is a  'multi  protocol
    internet-server'   available   from   http://www.robtex.com.     A
    vulnerability exists  with the  web server  which allows  a remote
    user to break out of the web root using relative paths (ie '...').

    The following URL can be used to demonstrate the problem:

        http://localhost/\...\[file outside of web root]

SOLUTION

    The vendor,  RobTex, has  issued a  beta version  which fixes  the
    problem.  It is available at:

        http://www.robtex.com/viking/dl.htm