Reported August 13, 2003, by Ziv Kamir.





  • NetWin SurgeLDAP





Four new vulnerabilities have been discovered in NetWin’s SurgeLDAP, the most serious of which could result in a Denial of Service (DoS) condition. These four new vulnerabilities are:


  • Path disclosure of the SurgeLDAP installation directory
  • Cross Site Scripting
  • DoS condition
  • Clear-text password storage


Path disclosure:
By requesting a file that doesn't exist on the server, someone could cause the server to return the path under which the product is installed.

Cross Site Scripting:
At least one of the parameters that SurgeLDAP's Common Gateway Interfaces (CGIs) parse lets remote attackers insert malicious HTML or JavaScript code into pages.


DoS vulnerability:
A remote user can issue an HTTP GET request for a large number of characters (e.g., '/AAAAA[501 times]'), causing the server to crash.

Clear Text Password Storage Vulnerability:
SurgeLDAP stores usernames and passwords in clear text in the C:\surgeldap\user.dat file.



NetWin recommends upgrading to the latest release of SurgeLDAP, which is available on the company's Web site.




Discovered by Ziv Kamir.