Bugtraq mailing list archives
Re: Multiple Vulnerabilties Sambar Webserver
From: Tamer Sahin <ts () securityoffice net>
Date: Tue, 02 Apr 2002 17:03:41 -0800
This vulnerability already discovered in January of this year. http://www.securityoffice.net/articles/sambar/ http://www.securityfocus.com/bid/3885 Best Regards; Tamer Sahin http://www.securityoffice.net > -----Original Message----- > From: NGSSoftware Insight Security Research Advisory (NISR) > [mailto:NISR () ngssoftware com] > Sent: lundi 1 avril 2002 22:26 > To: bugtraq () securityfocus com > Subject: Fw: Multiple Vulnerabilties in Sambar Server > > > ----- Original Message ----- > From: NGSSoftware Insight Security Research Advisory (NISR) > To: bugtraq () securityfocus com > Sent: Monday, April 01, 2002 12:07 PM > Subject: Multiple Vulnerabilties in Sambar Server > > > NGSSoftware Insight Security Research Advisory > > Name: Sambar Server 5.0 (server.exe) > Systems Affected: WinNT, Win2K, XP > Severity: High Risk > Category: Buffer Overrun / DOS x 3 > Vendor URL: http://www.Sambar.com.com/ > Author: Mark Litchfield (mark () ngssoftware com) > Date: 1st April 2002 > Advisory number: #NISR01042002 > > > Description > ***********> Sambar Server is a web server that runs on Microsoft Windows 2000, XP, NT,
> ME, 98 & 95 and is run as a Service on NT, 2000, & XP > > Details > ******* >> BufferOverrun - By sending an overly long username and password, an access
> violation occurs in MSVCRT.dll (Server.exe) overwriting the saved return> address with (in this case) 41414141. As server.exe is started as a system > service, any execution of arbitary code would be run with system privilages.
> > DOS 1) >> By suppling an overly long string to a specific HTTP header field an access
> violation occurs in SAMBAR.DLL and kills server.exe > > DOS 2) > > GET /cgi-win/testcgi.exe?(long char string) > > DOS 3) > > GET /cgi-win/Pbcgi.exe?(long char string) > > > Fix Information > ***************> NGSSoftware alerted SAMBAR to these problems on 27th March 2002. The patches
> are available from http://www.sambarserver.com/download/sambar51p.exe. > NGSSoftware would like to take this opportunity to thank Tod Sambar who > spent his Easter weekend creating these patches, demonstrating his > commitment to the security of his customers. > > > A check for these issues has been added to Typhon II, of which more > information is available from the > NGSSoftware website, http://www.ngssoftware.com. > > Further Information > ******************* > > For further information about the scope and effects of buffer overflows, > please see > > http://www.ngssoftware.com/papers/non-stack-bo-windows.pdf > http://www.ngssoftware.com/papers/ntbufferoverflow.html > http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf > http://www.ngssoftware.com/papers/unicodebo.pdf
Current thread:
- Re: Multiple Vulnerabilties Sambar Webserver Tamer Sahin (Apr 02)
- <Possible follow-ups>
- Re: Multiple Vulnerabilties Sambar Webserver Steven M. Christey (Apr 03)