Reported
August 13, 2003, by Ziv Kamir.
VERSIONS AFFECTED
DESCRIPTION
Four new vulnerabilities have
been discovered in NetWin’s SurgeLDAP, the most serious of which could result in
a Denial of Service (DoS) condition. These four new vulnerabilities are:
Path disclosure:
DoS vulnerability:
NetWin recommends upgrading
to the latest release of SurgeLDAP, which is available on the company's
Web site.
CREDIT
Discovered by
Zive Kamir.
By requesting a file that doesn't exist on the server (e.g.,
http://127.0.0.1:6680/aaa.html) someone could cause the server to return the
path under which the product is installed.
Cross Site Scripting:
At least one of the parameters that SurgeLDAP's Common Gateway Intefaces (CGIs)
parse lets remote attackers insert malicious HTML or JavaScript code into pages.
A remote user can issue an HTTP GET request for a large number of characters
(e.g., '/AAAAA\[501 times\]'), causing the server crash.
Clear Text Password Storage Vulnerability:
SurgeLDAP stores usernames and passwords in clear text in the C:\surgeldap\user.dat
file.
VENDOR RESPONSE
Multiple Vulnerabilities in NetWin's SurgeLDAP
0 comments
Hide comments