Bugtraq mailing list archives

Re: Multiple Vulnerabilties Sambar Webserver


From: Tamer Sahin <ts () securityoffice net>
Date: Tue, 02 Apr 2002 17:03:41 -0800

This vulnerability was already discovered in January of this year.

http://www.securityoffice.net/articles/sambar/
http://www.securityfocus.com/bid/3885

Best Regards;

Tamer Sahin
http://www.securityoffice.net

> -----Original Message-----
> From: NGSSoftware Insight Security Research Advisory (NISR)
> [mailto:NISR () ngssoftware com]
> Sent: lundi 1 avril 2002 22:26
> To: bugtraq () securityfocus com
> Subject: Fw: Multiple Vulnerabilties in Sambar Server
>
>
> ----- Original Message -----
> From: NGSSoftware Insight Security Research Advisory (NISR)
> To: bugtraq () securityfocus com
> Sent: Monday, April 01, 2002 12:07 PM
> Subject: Multiple Vulnerabilties in Sambar Server
>
>
> NGSSoftware Insight Security Research Advisory
>
> Name:    Sambar Server 5.0 (server.exe)
> Systems Affected:  WinNT, Win2K, XP
> Severity:  High Risk
> Category:  Buffer Overrun / DOS x 3
> Vendor URL:   http://www.Sambar.com.com/
> Author:   Mark Litchfield (mark () ngssoftware com)
> Date:   1st April 2002
> Advisory number: #NISR01042002
>
>
> Description
> ***********
> Sambar Server is a web server that runs on Microsoft Windows 2000, XP, NT,
> ME, 98 & 95 and is run as a Service on NT, 2000, & XP
>
> Details
> *******
>
> BufferOverrun - By sending an overly long username and password, an access
> violation occurs in MSVCRT.dll (Server.exe) overwriting the saved return
> address with (in this case) 41414141. As server.exe is started as a system
> service, any execution of arbitrary code would be run with system privileges.
>
> DOS 1)
>
> By supplying an overly long string to a specific HTTP header field an access
> violation occurs in SAMBAR.DLL and kills server.exe
>
> DOS 2)
>
> GET /cgi-win/testcgi.exe?(long char string)
>
> DOS 3)
>
> GET /cgi-win/Pbcgi.exe?(long char string)
>
>
> Fix Information
> ***************
> NGSSoftware alerted SAMBAR to these problems on 27th March 2002. The patches
> are available from http://www.sambarserver.com/download/sambar51p.exe.
> NGSSoftware would like to take this opportunity to thank Tod Sambar who
> spent his Easter weekend creating these patches, demonstrating his
> commitment to the security of his customers.
>
>
> A check for these issues has been added to Typhon II, of which more
> information is available from the
> NGSSoftware website, http://www.ngssoftware.com.
>
> Further Information
> *******************
>
> For further information about the scope and effects of buffer overflows,
> please see
>
> http://www.ngssoftware.com/papers/non-stack-bo-windows.pdf
> http://www.ngssoftware.com/papers/ntbufferoverflow.html
> http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
> http://www.ngssoftware.com/papers/unicodebo.pdf
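
An added example, not part of the original advisory or of this thread: a log check that flags long-query requests to the two CGI paths named under DOS 2 and DOS 3. The Common Log Format input, the 1024-character threshold, the filler heuristic and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Paths named in the advisory (DOS 2, DOS 3); matched case-insensitively.
WATCHED = {"/cgi-win/testcgi.exe", "/cgi-win/pbcgi.exe"}
MAX_QUERY = 1024  # assumed threshold; the advisory states no length

# Common Log Format (assumed): host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (?:\d{3}|-) \S+$')


def is_filler(query, ratio=0.9):
    """True when one character dominates the string, e.g. a run of 'A' (0x41)."""
    if not query:
        return False
    return Counter(query).most_common(1)[0][1] / len(query) >= ratio


def scan(lines, max_query=MAX_QUERY):
    """Return (client, time, path, query_length, filler) per flagged request."""
    hits = []
    for line in lines:
        m = CLF.match(line.rstrip("\r\n"))
        if not m:
            continue  # not in the assumed format; skip rather than guess
        client, when, request = m.groups()
        parts = request.split(" ")
        if len(parts) < 2:
            continue
        path, _, query = parts[1].partition("?")
        path = path.lower()
        if path in WATCHED and len(query) > max_query:
            hits.append((client, when, path, len(query), is_filler(query)))
    return hits


# Constructed sample lines (documentation addresses), not captured traffic.
SAMPLE = [
    '192.0.2.10 - - [02/Apr/2002:10:00:01 -0800] "GET /cgi-win/testcgi.exe?name=test HTTP/1.0" 200 512',
    '192.0.2.77 - - [02/Apr/2002:10:00:05 -0800] "GET /cgi-win/Pbcgi.exe?' + "A" * 4000 + ' HTTP/1.0" - -',
    '192.0.2.77 - - [02/Apr/2002:10:00:09 -0800] "GET /index.htm?' + "A" * 4000 + ' HTTP/1.0" 200 1024',
    '192.0.2.78 - - [02/Apr/2002:10:00:12 -0800] "GET /CGI-WIN/TESTCGI.EXE?' + "x=1&" * 500 + ' HTTP/1.0" 500 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A request that kills server.exe may never be written to the access log, so a gap in logging after a flagged client's earlier requests is itself worth checking.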
