Multiple Vulnerabilities in NetWin's SurgeLDAP

Reported August 13, 2003, by Ziv Kamir.

VERSIONS AFFECTED

• NetWin SurgeLDAP

DESCRIPTION

Four new vulnerabilities have been discovered in NetWin’s SurgeLDAP, the most serious of which could result in a Denial of Service (DoS) condition. These four new vulnerabilities are:

• Path disclosure of the SurgeLDAP installation directory
• Cross Site Scripting
• DoS condition
• Clear-text password storage

Path disclosure:
By requesting a file that doesn't exist on the server (e.g., http://127.0.0.1:6680/aaa.html) someone could cause the server to return the path under which the product is installed.

Cross Site Scripting:
At least one of the parameters that SurgeLDAP's Common Gateway Intefaces (CGIs) parse lets remote attackers insert malicious HTML or JavaScript code into pages.

DoS vulnerability:
A remote user can issue an HTTP GET request for a large number of characters (e.g., '/AAAAA\[501 times\]'), causing the server crash.

Clear Text Password Storage Vulnerability:
SurgeLDAP stores usernames and passwords in clear text in the C:\surgeldap\user.dat file.

VENDOR RESPONSE

NetWin recommends upgrading to the latest release of SurgeLDAP, which is available on the company's Web site.

CREDIT                                                                                                       

 

Discovered by Zive Kamir.