From ollie@DELPHISPLC.COM Mon Jul 10 02:43:05 2000
From: Ollie Whitehouse
To: BUGTRAQ@SECURITYFOCUS.COM
Date: Thu, 8 Jun 2000 14:18:59 +0100
Subject: DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a

> ================================================================================
> Delphis Consulting Plc
> ================================================================================
>
> Security Team Advisories
> [05/06/2000]
>
> securityteam@delphisplc.com
> [http://www.delphisplc.com/thinking/whitepapers/]
>
> ================================================================================
> Adv     : DST2K0010
> Title   : DoS, Path Revealing & BufferOverrun Vulnerability in Ceilidh v2.60a
> Author  : DCIST (securityteam@delphisplc.com)
> O/S     : Microsoft Windows NT v4.0 Workstation (SP6)
> Product : Ceilidh v2.60a (build date 3-04-2000)
> Date    : 05/06/2000
>
> I. Description
>
> II. Solution
>
> III. Disclaimer
>
> ================================================================================
>
> I. Description
> ================================================================================
>
> Vendor URL: http://www.lilikoi.com/
>
> Severity: low
>
> The html code which is generated by ceilidh.exe (example URL below) contains a
> hidden form field by the name of "translated_path".
>
> This path is the REAL location of the Ceilidh files (typically under Web root)
>
> Example URL: http://127.0.0.1/cgi-bin/ceilidh.exe/ceilidh/?N4
>
> Severity: med
>
> By using a specially crafted POST statement it is possible to spawn multiple
> copies of ceilidh.exe each taking 1% of CPU and 700k of memory. This can be
> sent multiple times to cause resource depletion on the remote host. To free all
> the resources you must shutdown and restart the World Wide Web Publishing
> Service.
>
> II. Solution
> ================================================================================
>
> Vendor Status: Informed
>
> Currently there is no known solution to the problem.
>
> III. Disclaimer
> ================================================================================
> THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT
> THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS OR
> IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE AUTHOR NOR THE
> PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR
> CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR RELIANCE
> PLACED ON, THIS INFORMATION FOR ANY PURPOSE.
> ================================================================================