[VIM] Vendor ACK for SurgeLDAP issues
security curmudgeon
jericho at attrition.org
Mon Jul 18 05:51:16 EDT 2005
: Various SurgeLDAP issues are clearly acknowledged in the vendor's
: changelog here:
:
: http://netwinsite.com/surgeldap/updates.htm
:
: e.g. 1.0h acknowledges BID:10294 / SECTRACK:1010068
:
: and 1.0e lists a slew of cross-references to VDB's.
:
: I didn't see any mention of the directory traversal issue reported in
: 2004 (page parameter in show command), however.

Yep, I was able to match all of the security warnings to entries we had
with two exceptions:

1. Like you noticed, no mention of the user.cgi traversal (OSVDB 5169)
2. On 2004-11-29 it lists: Security Fixes. (Denial of Service attacks)
   I couldn't match this against any entry we had, so creating one for it.