[15246] in bugtraq
DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a
daemon@ATHENA.MIT.EDU (Ollie Whitehouse)
Thu Jun 8 12:50:12 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-Id: <6C740781F92BD411831F0090273A8AB806FE42@exchange.servers.delphis.net>
Date: Thu, 8 Jun 2000 14:18:59 +0100
Reply-To: Ollie Whitehouse <ollie@DELPHISPLC.COM>
From: Ollie Whitehouse <ollie@DELPHISPLC.COM>
X-To: "win2ksecadvice@LISTSERV.NTSECURITY.NET"
<win2ksecadvice@LISTSERV.NTSECURITY.NET>,
"NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM"
<NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
> ================================================================================
> Delphis Consulting Plc
> ================================================================================
>
> Security Team Advisories
> [05/06/2000]
>
>
> securityteam@delphisplc.com
> [http://www.delphisplc.com/thinking/whitepapers/]
>
> ================================================================================
> Adv : DST2K0010
> Title : DoS, Path Revealing & BufferOverrun Vulnerability in Ceilidh v2.60a
> Author : DCIST (securityteam@delphisplc.com)
> O/S : Microsoft Windows NT v4.0 Workstation (SP6)
> Product : Ceilidh v2.60a (build date 3-04-2000)
> Date : 05/06/2000
>
> I. Description
>
> II. Solution
>
> III. Disclaimer
>
>
> ================================================================================
>
>
> I. Description
> ================================================================================
>
> Vendor URL: http://www.lilikoi.com/
>
> Severity: low
>
> The html code which is generated by ceilidh.exe (example URL below) contains a
> hidden form field by the name of "translated_path".
>
> This path is the REAL location of the Ceilidh files (typically under Web root)
>
> Example URL: http://127.0.0.1/cgi-bin/ceilidh.exe/ceilidh/?N4
>
>
> Severity: med
>
> By using a specially crafted POST statement it is possible to spawn multiple
> copies of ceilidh.exe each taking 1% of CPU and 700k of memory. This can be
> sent multiple times to cause resource depletion on the remote host. To free all
> the resources you must shut down and restart the World Wide Web Publishing
> Service.
>
>
> II. Solution
> ================================================================================
>
> Vendor Status: Informed
>
> Currently there is no known solution to the problem.
>
> III. Disclaimer
> ================================================================================
> THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT
> THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS OR
> IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE AUTHOR NOR THE
> PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR
> CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR RELIANCE
> PLACED ON, THIS INFORMATION FOR ANY PURPOSE.
> ================================================================================
>
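
A defensive check for the path-disclosure issue the advisory describes, as an added example that is not part of the original post or of the vendor's code: it audits generated HTML for hidden form fields whose value is an absolute Windows or UNC path. The function and class names, the sample page and the path value in it are constructed for illustration; only the field name "translated_path" and the example URL path come from the advisory.

```python
import re
from html.parser import HTMLParser

# Absolute Windows paths only (the advisory's platform is Windows NT):
# a drive letter such as C:\ or C:/, or a UNC prefix such as \\host\share.
ABS_WIN_PATH = re.compile(r"^(?:[A-Za-z]:[\\/]|\\\\[^\\/]+[\\/])")


class HiddenFieldAudit(HTMLParser):
    """Collect hidden <input> fields whose value looks like a server-side path."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # list of (field name, leaked value)

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        # HTMLParser lowercases tag and attribute names; values keep their case.
        a = {name: (value or "") for name, value in attrs}
        if a.get("type", "").lower() != "hidden":
            return
        value = a.get("value", "").strip()
        if ABS_WIN_PATH.match(value):
            self.findings.append((a.get("name", ""), value))


def audit_html(html):
    """Return (name, value) pairs for hidden fields that expose a local path."""
    parser = HiddenFieldAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample response; the path value is made up for this example.
SAMPLE_PAGE = r"""
<form method="POST" action="/cgi-bin/ceilidh.exe/ceilidh/">
  <input type="hidden" name="translated_path" value="C:\InetPub\wwwroot\ceilidh">
  <input type="hidden" name="topic" value="N4">
  <input type="text" name="subject" value="C:\visible\field">
  <input type="hidden" name="return_to" value="/ceilidh/?N4">
</form>
"""

if __name__ == "__main__":
    for name, value in audit_html(SAMPLE_PAGE):
        print(f"hidden field {name!r} discloses server path: {value}")
```

Run against saved responses from your own deployment, any finding means the application is sending its on-disk layout to every client that views the form.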