SalesLogix eViewer DoS Vulnerability
BID:1089
Info
SalesLogix eViewer DoS Vulnerability
| Bugtraq ID: | 1089 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 31 2000 12:00AM |
| Updated: | Mar 31 2000 12:00AM |
| Credit: | Posted to Bugtraq on March 31, 2000 by Todd Beebe <[email protected]>. |
| Vulnerable: |
SalesLogix Corporation eViewer 1.0 |
| Not Vulnerable: | |
Discussion
SalesLogix eViewer DoS Vulnerability
SalesLogix eViewer is a web application integrated with the SalesLogix 2000 package.
eViewer will not perform authorization on administrative commands if they are requested directly in the URL. Therefore, the URL:
http: //target/scripts/slxweb.dll/admin?command=shutdown
will cause the slxweb.dll process to shutdown. Possibly other commands aside from 'shutdown' could be performed by a remote user as well. Although the slxweb.dll process will restart once a new query or session is issued, continually requesting the URL above will cause a denial of service.
Additional notes:
The program which issues administrative commands (slxweb.dll) is installed by default in the /scripts directory and cannot be relocated. In addition to this security concern, the package requires a user to change the default anonymous username (IUSR_{systemname}) in Microsoft IIS to 'slxwebuser' and grant it administrative privileges.
SalesLogix eViewer is a web application integrated with the SalesLogix 2000 package.
eViewer will not perform authorization on administrative commands if they are requested directly in the URL. Therefore, the URL:
http: //target/scripts/slxweb.dll/admin?command=shutdown
will cause the slxweb.dll process to shutdown. Possibly other commands aside from 'shutdown' could be performed by a remote user as well. Although the slxweb.dll process will restart once a new query or session is issued, continually requesting the URL above will cause a denial of service.
Additional notes:
The program which issues administrative commands (slxweb.dll) is installed by default in the /scripts directory and cannot be relocated. In addition to this security concern, the package requires a user to change the default anonymous username (IUSR_{systemname}) in Microsoft IIS to 'slxwebuser' and grant it administrative privileges.
Exploit / POC
SalesLogix eViewer DoS Vulnerability
http://target/scripts/slxweb.dll/admin?command=shutdown
http://target/scripts/slxweb.dll/admin?command=shutdown
Solution / Fix
SalesLogix eViewer DoS Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].