| VID |
23066 |
| Severity |
30 |
| Port |
6680 |
| Protocol |
TCP |
| Class |
LDAP |
| Detailed Description |
The SurgeLDAP server is vulnerable to a directory traversal vulnerability using the "dot dot" sequences.
SurgeLDAP is a Lightweight Directory Access Protocol (LDAP) v3 server for Microsoft Windows and Linux-based operating systems. Some versions of the SurgeLDAP could allow an attacker to traverse directories on the system, caused by improper filtering a user-supplied input in the "user.cgi" script. By sending a specially crafted URL request containing "dot dot" sequences (../) to the page variable of the "user.cgi" script as the following,
http://[host]:6680/user.cgi?cmd=show&page=/../../../boot.ini
an attacker could traverse directories and view arbitrary files on the system outside of the Web root.
* References:
http://packetstormsecurity.nl/0404-exploits/SurgeLDAP10.txt
* Platforms Affected:
NetWin SurgeLDAP 1.0g
NetWin SurgeLDAP 1.0e
NetWin SurgeLDAP 1.0d
Linux Any version
Windows Any version |
| Recommendation |
No upgrade or patch for this vulnerability as of April 2004. |
| Related URL |
CVE-2004-2253 (CVE) |
| Related URL |
10103 (SecurityFocus) |
| Related URL |
15851 (ISS) |
|
