VID 23065
Severity 40
Port 6680
Protocol TCP
Class LDAP
Detailed Description SurgeLDAP versions 1.0d and earlier are affected by multiple vulnerabilities.
SurgeLDAP is a Lightweight Directory Access Protocol (LDAP) v3 server for Microsoft Windows and Linux-based operating systems. The following vulnerabilities have been found in SurgeLDAP version 1.0d and earlier:

- File Path Disclosure Vulnerability: By sending an HTTP request for a file that does not exist on the server, a remote attacker could learn the installation path from the error message the server returns.
- Cross-Site Scripting Vulnerability: By sending an HTTP request containing malicious HTML or JavaScript to the CGI scripts, such as "user.cgi", a remote attacker could have it executed in the target's web browser. This vulnerability is caused by improper filtering of user-supplied input.
- Denial of Service Vulnerability: By sending an overly long HTTP GET request containing 501 characters or more, a remote attacker could cause the server to crash because of a buffer overflow.
- Password File Disclosure Vulnerability: Because usernames and passwords are stored insecurely in plaintext in the "user.dat" file, a local attacker could obtain sensitive information by opening this file.
* Note: This check relies solely on the version number of the remote SurgeLDAP server to assess this vulnerability, so the result might be a false positive.
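
The version-only decision described in the note can be sketched as follows. This is an added example, not the scanner's own code; the function names are hypothetical, the version string is assumed to have been obtained already, and it is an assumption that letter suffixes order alphabetically and that a version without a letter precedes "a".

```python
import re

# First fixed release named in the advisory's recommendation.
FIRST_FIXED = "1.0e"

# Accepts "1.0d", "v1.0e", "1.0" (letter suffix optional, case-insensitive).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)([a-z]?)$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, letter) for strings such as 'v1.0d', or None."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    # Assumption: an empty letter sorts before 'a', so 1.0 < 1.0a < 1.0b ...
    return int(m.group(1)), int(m.group(2)), m.group(3).lower()


def assess(reported_version):
    """Classify a reported version the way a version-only check would.

    Returns 'affected', 'fixed', or 'unknown'. Unparseable strings yield
    'unknown' so a malformed or altered banner is sent to manual review
    rather than being silently treated as safe.
    """
    parsed = parse_version(reported_version)
    if parsed is None:
        return "unknown"
    return "affected" if parsed < parse_version(FIRST_FIXED) else "fixed"


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from a real server.
    for sample in ["1.0d", "v1.0e", "1.0g", "1.0", "0.9z", "SurgeLDAP"]:
        print(f"{sample!r:12} -> {assess(sample)}")
```

An "affected" result here only reflects the reported version string, which is why the finding still needs confirmation on the host before it is treated as a true positive.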

* References:
http://www.securiteam.com/windowsntfocus/5RP0I0UAUI.html

* Platforms Affected:
NetWin SurgeLDAP version 1.0d and earlier
Linux Any version
Windows Any version
Recommendation Upgrade to the latest version of SurgeLDAP, or to version 1.0e or later, from the SurgeLDAP Web site at http://netwinsite.com/SurgeLDAP/ . The latest version (v1.0g) was released in December 2003.
Related URL (CVE)
Related URL 8406,8407,8408,8409 (SecurityFocus)
Related URL 12899,12901,12902,12904 (ISS)