Reported August 13, 2003, by Ziv Kamir.
- NetWin SurgeLDAP
Four new vulnerabilities have been discovered in NetWin’s SurgeLDAP, the most serious of which could result in a Denial of Service (DoS) condition. These four new vulnerabilities are:
- Path disclosure of the SurgeLDAP installation directory
- Cross Site Scripting
- DoS condition
- Clear-text password storage
By requesting a file that doesn't exist on the server (e.g., http://127.0.0.1:6680/aaa.html) someone could cause the server to return the path under which the product is installed.
Cross Site Scripting:
A remote user can issue an HTTP GET request for a large number of characters (e.g., '/AAAAA\[501 times\]'), causing the server crash.
Clear Text Password Storage Vulnerability:
SurgeLDAP stores usernames and passwords in clear text in the C:\surgeldap\user.dat file.
NetWin recommends upgrading to the latest release of SurgeLDAP, which is available on the company's
Discovered by Zive Kamir.