[NT] SurgeLDAP Web Service user.cgi File Retrieval
From: SecuriTeam (support_at_securiteam.com)
Date: 04/15/04
To: list@securiteam.com Date: 15 Apr 2004 16:30:57 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
SurgeLDAP Web Service user.cgi File Retrieval
------------------------------------------------------------------------
SUMMARY
<http://netwinsite.com/surgeldap/> SurgeLDAP is "an advanced easy to
manage and install high performance LDAP v3 server. It supports any number
of schemas, easy to add/modify existing schemas, integrated web based user
access, and fast browser based administration tools. And all relevant RFC
protocols LDAP v2, LDAP v3, HTTP. With its features, support and price it
is more powerful and cost effective than any other solution. Compatible to
suck data from existing LDAP servers for easy data population. With a
build in web server allowing your users to search your LDAP, or
administrate the database".
A flaw has been found in "user.cgi" that allows a remote user to retrieve
arbitrary files from the system. By supplying "../" sequences in the "page"
parameter, an attacker can read files outside the WWW root.
DETAILS
Vulnerable Systems:
* SurgeLDAP version 1.0g
Example:
Accessing the following URL will cause the server to return the content of
the boot.ini file:
http://[host]:6680/user.cgi?cmd=show&page=/../../../boot.ini
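The following Python is an added illustration, not code from the advisory or from NetWin's SurgeLDAP. It models the flawed behaviour described above (the "page" value glued onto the document root), shows a hardened lookup that refuses any path escaping the root, and runs a simple detector over constructed access-log lines of the kind a web server would write for the request shown. The document root "/opt/surgeldap/www", the log format and the log lines are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical document root for the SurgeLDAP web service (assumption).
WWW_ROOT = "/opt/surgeldap/www"


def resolve_page_vulnerable(www_root: str, page: str) -> str:
    """Model of the flaw: 'page' is appended to the root and normalized,
    so '..' segments walk out of the document root."""
    return posixpath.normpath(www_root + "/" + page)


def resolve_page_safe(www_root: str, page: str):
    """Hardened lookup: decode, normalize, then require the result to stay
    inside www_root. Returns the resolved path, or None if it escapes."""
    decoded = unquote(unquote(page))      # collapse double URL-encoding
    if "\x00" in decoded:                 # a NUL byte truncates C strings
        return None
    decoded = decoded.replace("\\", "/")  # treat backslash as a separator
    root = posixpath.normpath(www_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


# Matches the request portion of a common/combined-format access log line.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def page_param_from_log(line: str):
    """Extract the 'page' query parameter from one access log line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    query = urlsplit(m.group("target")).query
    values = parse_qs(query, keep_blank_values=True).get("page")
    return values[0] if values else None


def is_traversal_attempt(line: str) -> bool:
    """True when the request's 'page' value would resolve outside WWW_ROOT."""
    page = page_param_from_log(line)
    if page is None:
        return False
    return resolve_page_safe(WWW_ROOT, page) is None


# Constructed sample log lines (not real traffic): one benign request and
# two requests carrying the traversal pattern from the advisory.
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Apr/2004:16:30:57 +0200] "GET /user.cgi?cmd=show&page=search.htm HTTP/1.0" 200 1834',
    '10.0.0.9 - - [15/Apr/2004:16:31:02 +0200] "GET /user.cgi?cmd=show&page=/../../../boot.ini HTTP/1.0" 200 512',
    '10.0.0.9 - - [15/Apr/2004:16:31:05 +0200] "GET /user.cgi?cmd=show&page=%2e%2e%2f%2e%2e%2fboot.ini HTTP/1.0" 200 512',
]


def flag_suspicious(lines):
    """Return the log lines whose 'page' parameter escapes the document root."""
    return [ln for ln in lines if is_traversal_attempt(ln)]


if __name__ == "__main__":
    print("flawed   :", resolve_page_vulnerable(WWW_ROOT, "/../../../boot.ini"))
    print("hardened :", resolve_page_safe(WWW_ROOT, "/../../../boot.ini"))
    for ln in flag_suspicious(SAMPLE_LOG):
        print("ALERT:", ln)
```

The hardened check decides on the normalized result rather than on the presence of "../" in the raw string, which is why the percent-encoded variant in the third log line is caught as well. The same resolve-then-compare logic is what a CGI handler should apply before opening any file named by a request parameter.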
ADDITIONAL INFORMATION
The information has been provided by <mailto:dr_insane@pathfinder.gr>
dr_insane.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.