Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Multiple Vulnerabilties in Sambar Server

Multiple Vulnerabilties in Sambar Server

by Nikola Strahija on April 2nd, 2002 BufferOverrun - By sending an overly long username and password, an access violation occurs in MSVCRT.dll (Server.exe) overwriting the saved return address with (in this case) 41414141. As server.exe is started as a system service, any execution of arbitary code would be run with system privilages.


Description
***********
Sambar Server is a web server that runs on Microsoft Windows 2000, XP, NT,
ME, 98 & 95 and is run as a Service on NT, 2000, & XP.

DOS 1)

By suppling an overly long string to a specific HTTP header field an access
violation occurs in SAMBAR.DLL and kills server.exe

DOS 2)

GET /cgi-win/testcgi.exe?(long char string)

DOS 3)

GET /cgi-win/Pbcgi.exe?(long char string)


Fix Information
***************
NGSSoftware alerted SAMBAR to these problems on 27th March 2002. The patches
are available from http://www.sambarserver.com/download/sambar51p.exe.
NGSSoftware would like to take this opportunity to thank Tod Sambar who
spent his Easter weekend creating these patches, demonstrating his
commitment to the security of his customers.


A check for these issues has been added to Typhon II, of which more
information is available from the
NGSSoftware website, http://www.ngssoftware.com.

Further Information
*******************

For further information about the scope and effects of buffer overflows,
please see

http://www.ngssoftware.com/papers/non-stack-bo-windows.pdf
http://www.ngssoftware.com/papers/ntbufferoverflow.html
http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
http://www.ngssoftware.com/papers/unicodebo.pdf

Name: Sambar Server 5.0 (server.exe)
Systems Affected: WinNT, Win2K, XP
Severity: High Risk
Category: Buffer Overrun / DOS x 3
Vendor URL: http://www.Sambar.com.com/
Author: Mark Litchfield ([email protected])
Date: 1st April 2002
Advisory number: #NISR01042002






Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »