Description
Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to read files with short names, and local users to read more files using a symlink with a short name, via a .. in the TTY argument.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by spybreak · textremotelinux
https://www.exploit-db.com/exploits/21310
References (4)
Core 4
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101494896516467&w=2
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2002/dsa-121
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4194
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/8313.php
Scores
EPSS
0.0277
EPSS Percentile
86.1%
Details
Status
published
Products (2)
xtell/xtell
1.91.1
xtell/xtell
2.6.1
Published
Jun 25, 2002
Tracked Since
Feb 18, 2026