Bugtraq mailing list archives

SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application


From: todd () INTERNETWORKING COM (Todd Beebe)
Date: Fri, 31 Mar 2000 18:50:35 -0600


Disclaimer:
The opinions expressed in this advisory and program are my own and not
of any company. The usual standard disclaimer applies: I am not liable
for any damages caused by direct or indirect use of the information or
functionality provided by this advisory. I bear NO responsibility for
content or misuse of this advisory or any derivatives thereof.

We have contacted the vendor numerous times to find solutions for the
following issues; however, their response has been the typical "none of
our other customers have a problem with the current configuration" or
"that is how we have always set it up in the past".

Background:

Eviewer is a web-based application that is designed to offer a browser
interface to SalesLogix data.

Issues:

1. The following URL will instruct the application DLL to essentially
shut down, restart, and reread the configuration.  Our experience has
been that each time the command is run, the application CRASHES and
requires a reboot to reset.  In addition, the "administrative" command
requires NO PASSWORD to issue the shutdown command.

http://yourserver.com/scripts/slxweb.dll/admin?command=shutdown
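Because the admin handler above accepts the shutdown command without any credential, the only place an operator can see it being used is the web server log. The following script is an added example for this advisory, not SalesLogix or vendor code: it parses IIS-style W3C extended log lines (the sample lines are constructed here) and reports every request to the slxweb.dll admin handler together with the command it carried, so that shutdown attempts can be alerted on. The path /scripts/slxweb.dll/admin and the command parameter are taken from the advisory; the field order of the log is an assumption about how the server was configured to log.

```python
"""Flag requests to the unauthenticated SalesLogix eviewer admin command.

Added example for this advisory, not vendor code. It scans IIS-style W3C
extended log lines for any request whose path is the slxweb.dll admin
handler and reports the command used, so an operator can alert on
shutdown attempts that the product itself does not authenticate.
"""
import re
from urllib.parse import parse_qs

# Constructed sample log lines in the W3C extended format IIS writes.
# Field order is an assumption (it depends on the server's logging config):
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2000-03-31 18:40:01 10.0.0.5 GET /scripts/slxweb.dll/main - 200
2000-03-31 18:41:12 10.0.0.9 GET /scripts/slxweb.dll/admin command=shutdown 200
2000-03-31 18:41:13 10.0.0.9 GET /scripts/slxweb.dll/admin Command=SHUTDOWN 500
2000-03-31 18:42:30 10.0.0.7 GET /default.htm - 200
2000-03-31 18:43:02 10.0.0.9 GET /scripts/slxweb.dll/admin command=status 200
"""

# Path of the admin handler named in the advisory; the DLL must live under /scripts.
# IIS matches paths case-insensitively, so the regex does too.
ADMIN_STEM = re.compile(r"^/scripts/slxweb\.dll/admin$", re.IGNORECASE)


def parse_w3c_line(line):
    """Return a dict for one log record, or None for blanks and '#' directives."""
    if not line.strip() or line.startswith("#"):
        return None
    fields = line.split()
    if len(fields) < 7:
        return None
    date, time, c_ip, method, stem, query, status = fields[:7]
    return {
        "timestamp": f"{date} {time}",
        "client": c_ip,
        "method": method,
        "stem": stem,
        "query": "" if query == "-" else query,
        "status": int(status),
    }


def admin_command_events(log_text):
    """Return (timestamp, client, command, status) for each hit on the admin handler."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_w3c_line(line)
        if rec is None or not ADMIN_STEM.match(rec["stem"]):
            continue
        # Normalise parameter names and values so Command=SHUTDOWN is not missed.
        params = {k.lower(): v for k, v in parse_qs(rec["query"]).items()}
        command = params.get("command", [""])[0].lower()
        hits.append((rec["timestamp"], rec["client"], command, rec["status"]))
    return hits


def shutdown_attempts(log_text):
    """Return only the events that issued the shutdown command."""
    return [h for h in admin_command_events(log_text) if h[2] == "shutdown"]


if __name__ == "__main__":
    for ts, client, command, status in admin_command_events(SAMPLE_LOG):
        print(f"{ts} {client} admin command={command} status={status}")
```

Run against a real log, any hit from `shutdown_attempts` is worth an alert regardless of the status code: a 500 after the request is consistent with the crash the advisory describes, and a 200 means the handler accepted the command. Note that the script only sees what was logged; a request that took the server down may be the last line written.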

Secondary Concerns:

In addition to the security issues surrounding the non-password
protected admin command, here are some additional "requirements"
necessary to install the product (see if you can find the security
holes):

1. Change the standard "anonymous" user account from the default
IUSR_{systemname}, which has guest privilege, to a newly defined
slxwebuser account with administrative privilege.

2. Create multiple shares on the webserver, including shares to the root
webserver document directory and /scripts directory.

3. The slxweb.dll program, which allows admin commands, must be
installed in the /scripts directory (you cannot move it to /cgi-bin,
etc).

4. Both the installation guide, and tech support "strongly suggest" you
install IIS in its default location c:\inetpub\wwwroot.

Have a great day.

