[Original text] Directory traversal vulnerability in the third party tool from Castlehill, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
Castlehill Computer Services SECURE/NET contains a flaw that allows a remote attacker to access files outside of the FTP root path. The issue is due to the program not properly sanitizing user input, specifically traversal-style sequences (../../) supplied via the FTP GET command.
Currently, there are no known workarounds or upgrades to correct this issue. However, Castlehill has reportedly released a patch to address this vulnerability. Contact the vendor for details.
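A server-side containment check for the GET argument, shown as an added example that is not part of the original advisory or of Castlehill's product. The FTP root `/home/ftpusers`, the function names and the sample requests are assumptions constructed for illustration.

```python
import posixpath

FTP_ROOT = "/home/ftpusers"  # assumed FTP root, not taken from the advisory


def resolve_request(cwd, requested):
    """Return the normalized absolute path a GET argument refers to."""
    # Treat backslashes as separators so "..\.." is handled like "../..".
    requested = requested.replace("\\", "/")
    # A relative argument is interpreted against the session's working directory.
    joined = requested if requested.startswith("/") else posixpath.join(cwd, requested)
    # normpath collapses "." and ".." lexically; it does not follow symlinks,
    # so a real server must also resolve links before opening the file.
    return posixpath.normpath("/" + joined.lstrip("/"))


def is_allowed(cwd, requested, root=FTP_ROOT):
    """True only if the request stays at or below the FTP root."""
    if "\x00" in requested:
        return False  # embedded NUL bytes are never valid in a path
    target = resolve_request(cwd, requested)
    prefix = posixpath.normpath(root).rstrip("/") + "/"
    # Compare whole components: "/home/ftpusers2" must not match "/home/ftpusers".
    return target + "/" == prefix or target.startswith(prefix)


def review(requests, root=FTP_ROOT):
    """Classify each (cwd, GET argument) pair and flag access to qsys.lib."""
    results = []
    for cwd, arg in requests:
        target = resolve_request(cwd, arg)
        touches_qsys = "qsys.lib" in target.lower().split("/")
        results.append((arg, target, is_allowed(cwd, arg, root), touches_qsys))
    return results


SAMPLE_REQUESTS = [  # constructed (working directory, GET argument) pairs
    ("/home/ftpusers", "reports/q3.txt"),
    ("/home/ftpusers", "../../QSYS.LIB/EXAMPLE.LIB"),
    ("/home/ftpusers/reports", "../readme.txt"),
    ("/home/ftpusers", "/home/ftpusers2/data.txt"),
    ("/home/ftpusers", "..\\..\\qsys.lib\\example.lib"),
]

if __name__ == "__main__":
    for arg, target, allowed, qsys in review(SAMPLE_REQUESTS):
        verdict = "ALLOW" if allowed else "DENY"
        print(f"{verdict:5} {arg!r} -> {target}" + ("  [qsys.lib]" if qsys else ""))
```

The check is applied to the normalized path rather than by searching the raw argument for "..", so a legitimate request such as `../readme.txt` from a subdirectory is still served while anything that resolves above the root is refused.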