Vulnerability

Ceilidh

Affected

Microsoft Windows NT v4.0 Workstation (SP6) with Ceilidh v2.60a (build date 3-04-2000)

Description

The following is based on Delphis Consulting Plc Security Team Advisories.

The HTML code generated by ceilidh.exe (example URL below) contains a hidden form field named "translated_path". Its value is the REAL location of the Ceilidh files on the server (typically under the Web root).

Example URL: http://127.0.0.1/cgi-bin/ceilidh.exe/ceilidh/?N4

By using a specially crafted POST statement it is possible to spawn multiple copies of ceilidh.exe, each taking 1% of CPU and 700k of memory. The request can be sent multiple times to cause resource depletion on the remote host. To free all the resources you must shut down and restart the World Wide Web Publishing Service.

Solution

Currently there is no known solution to the problem.