Users login

Create an account »


Users login

Home » Hacking News » Multiple Vulnerabilties in Sambar Server

Multiple Vulnerabilties in Sambar Server

by Nikola Strahija on April 2nd, 2002 BufferOverrun - By sending an overly long username and password, an access violation occurs in MSVCRT.dll (Server.exe) overwriting the saved return address with (in this case) 41414141. As server.exe is started as a system service, any execution of arbitary code would be run with system privilages.

Sambar Server is a web server that runs on Microsoft Windows 2000, XP, NT,
ME, 98 & 95 and is run as a Service on NT, 2000, & XP.

DOS 1)

By suppling an overly long string to a specific HTTP header field an access
violation occurs in SAMBAR.DLL and kills server.exe

DOS 2)

GET /cgi-win/testcgi.exe?(long char string)

DOS 3)

GET /cgi-win/Pbcgi.exe?(long char string)

Fix Information
NGSSoftware alerted SAMBAR to these problems on 27th March 2002. The patches
are available from
NGSSoftware would like to take this opportunity to thank Tod Sambar who
spent his Easter weekend creating these patches, demonstrating his
commitment to the security of his customers.

A check for these issues has been added to Typhon II, of which more
information is available from the
NGSSoftware website,

Further Information

For further information about the scope and effects of buffer overflows,
please see

Name: Sambar Server 5.0 (server.exe)
Systems Affected: WinNT, Win2K, XP
Severity: High Risk
Category: Buffer Overrun / DOS x 3
Vendor URL:
Author: Mark Litchfield ([email protected])
Date: 1st April 2002
Advisory number: #NISR01042002

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »