Reported August 13, 2003, by Ziv Kamir.

 

 

VERSIONS AFFECTED

 

  • NetWin SurgeLDAP

 

 

DESCRIPTION

 

Four new vulnerabilities have been discovered in NetWin’s SurgeLDAP, the most serious of which could result in a Denial of Service (DoS) condition. These four new vulnerabilities are:

 

  • Path disclosure of the SurgeLDAP installation directory
  • Cross Site Scripting
  • DoS condition
  • Clear-text password storage

 

Path disclosure:
By requesting a file that doesn't exist on the server (e.g., http://127.0.0.1:6680/aaa.html) someone could cause the server to return the path under which the product is installed.

Cross Site Scripting:
At least one of the parameters that SurgeLDAP's Common Gateway Interfaces (CGIs) parse lets remote attackers insert malicious HTML or JavaScript code into pages.

 

DoS vulnerability:
A remote user can issue an HTTP GET request for a large number of characters (e.g., '/AAAAA[501 times]'), causing the server to crash.

Clear Text Password Storage Vulnerability:
SurgeLDAP stores usernames and passwords in clear text in the C:\surgeldap\user.dat file.
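
For triage, the oversized GET request and the script-injection issue described above can be looked for in HTTP access logs. The following is an added example, not part of the original advisory or of NetWin's software; it assumes a proxy or front end in front of port 6680 writes Common Log Format lines, and the sample lines, client addresses and the `/example.cgi` name are constructed placeholders.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: requests are logged in Common Log Format by a proxy or front end.
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
MAX_PATH = 500  # the advisory's example crash used a 501-character request
MARKUP = re.compile(r'<\s*/?\s*[a-z!]|javascript:', re.I)

def classify(line):
    """Return (client, flags) for one log line, or None if it does not parse."""
    m = CLF.match(line)
    if not m:
        return None
    client, _method, target, _status = m.groups()
    parts = urlsplit(target)
    flags = set()
    if len(parts.path) > MAX_PATH:
        flags.add("oversized-path")
    # Decode twice so double-encoded markup (%253C...) is still visible.
    query = unquote(unquote(parts.query))
    if MARKUP.search(query):
        flags.add("markup-in-query")
    return client, flags

def scan(lines):
    """Return [(line_number, client, sorted_flags)] for every flagged line."""
    findings = []
    for number, line in enumerate(lines, 1):
        result = classify(line)
        if result and result[1]:
            findings.append((number, result[0], sorted(result[1])))
    return findings

# Constructed sample log lines (documentation addresses, hypothetical CGI name).
STAMP = "[13/Aug/2003:10:00:00 +0000]"
SAMPLE = [
    f'192.0.2.10 - - {STAMP} "GET /aaa.html HTTP/1.0" 404 312',
    f'192.0.2.11 - - {STAMP} "GET /{"A" * 501} HTTP/1.0" 502 0',
    f'192.0.2.12 - - {STAMP} "GET /example.cgi?q=%3Cscript%3Ex%3C/script%3E HTTP/1.0" 200 900',
    f'192.0.2.13 - - {STAMP} "GET /example.cgi?q=%253Cimg%2520src%253Dx%253E HTTP/1.0" 200 900',
    f'192.0.2.14 - - {STAMP} "GET /example.cgi?user=alice HTTP/1.0" 200 850',
]

if __name__ == "__main__":
    for number, client, flags in scan(SAMPLE):
        print(f"line {number}: {client} {', '.join(flags)}")
```
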


VENDOR RESPONSE

 

NetWin recommends upgrading to the latest release of SurgeLDAP, which is available on the company's Web site.

 

CREDIT

 

Discovered by Ziv Kamir.