[VIM] Vendor ACK for SurgeLDAP issues

security curmudgeon jericho at attrition.org
Mon Jul 18 05:51:16 EDT 2005

: Various SurgeLDAP issues are clearly acknowledged in the vendor's
: changelog here:
:   http://netwinsite.com/surgeldap/updates.htm
: e.g. 1.0h acknowledges BID:10294 / SECTRACK:1010068
: and 1.0e lists a slew of cross-references to VDB's.
: I didn't see any mention of the directory traversal issue reported in 
: 2004 (page parameter in show command), however.

Yep, I was able to match all of the security warnings to entries we had 
with two exceptions:

1. like you notice, no mention of the user.cgi traversal  (osvdb 5169)

2. on 2004-11-29 it lists: Security Fixes. (Denial of Service attacks)
   i couldn't match this against any entry we had, so creating one for it

More information about the VIM mailing list