----- Original Message -----
From: NGSSoftware Insight Security Research Advisory (NISR)
To: bugtraq@securityfocus.com
Sent: Monday, April 01, 2002 12:07 PM
Subject: Multiple Vulnerabilities in Sambar Server

NGSSoftware Insight Security Research Advisory

Name: Sambar Server 5.0 (server.exe)
Systems Affected: WinNT, Win2K, XP
Severity: High Risk
Category: Buffer Overrun / DOS x 3
Vendor URL: http://www.Sambar.com.com/
Author: Mark Litchfield (mark@ngssoftware.com)
Date: 1st April 2002
Advisory number: #NISR01042002

Description
***********

Sambar Server is a web server that runs on Microsoft Windows 2000, XP, NT, ME, 98 & 95 and is run as a Service on NT, 2000, & XP.

Details
*******

BufferOverrun - By sending an overly long username and password, an access violation occurs in MSVCRT.dll (Server.exe), overwriting the saved return address with (in this case) 41414141. As server.exe is started as a system service, any execution of arbitrary code would be run with system privileges.

DOS 1) By supplying an overly long string to a specific HTTP header field, an access violation occurs in SAMBAR.DLL and kills server.exe

DOS 2) GET /cgi-win/testcgi.exe?(long char string)

DOS 3) GET /cgi-win/Pbcgi.exe?(long char string)

Fix Information
***************

NGSSoftware alerted SAMBAR to these problems on 27th March 2002. The patches are available from http://www.sambarserver.com/download/sambar51p.exe. NGSSoftware would like to take this opportunity to thank Tod Sambar who spent his Easter weekend creating these patches, demonstrating his commitment to the security of his customers.

A check for these issues has been added to Typhon II, of which more information is available from the NGSSoftware website, http://www.ngssoftware.com.

Further Information
*******************

For further information about the scope and effects of buffer overflows, please see

http://www.ngssoftware.com/papers/non-stack-bo-windows.pdf
http://www.ngssoftware.com/papers/ntbufferoverflow.html
http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
http://www.ngssoftware.com/papers/unicodebo.pdf
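
Added example, not part of the NGSSoftware advisory: a request pre-filter a defender could run in a proxy or over captured traffic to flag the four oversized inputs described under Details. The length limits, the function name `inspect_request`, the assumption that the username and password arrive as HTTP Basic credentials, and the sample requests are all constructed for illustration; the advisory gives no lengths and does not name the header field, so every header is checked.

```python
import base64
from urllib.parse import urlsplit

# Assumed thresholds: the advisory states no lengths, so tune these per site.
MAX_QUERY = 512     # query string sent to the two CGI programs
MAX_CRED = 128      # username or password (assumed to arrive as HTTP Basic)
MAX_HEADER = 2048   # any single header value (the affected field is not named)
CGI_PATHS = {"/cgi-win/testcgi.exe", "/cgi-win/pbcgi.exe"}  # compared lowercased


def inspect_request(raw: bytes) -> list[str]:
    """Return findings for one raw HTTP request (request line plus headers)."""
    findings = []
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) < 2:
        return ["malformed request line"]
    target = urlsplit(parts[1])
    # Windows paths are case-insensitive, so compare in lower case.
    if target.path.lower() in CGI_PATHS and len(target.query) > MAX_QUERY:
        findings.append(f"long query to {target.path}: {len(target.query)} bytes")
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        value = value.strip()
        if len(value) > MAX_HEADER:
            findings.append(f"long header {name}: {len(value)} bytes")
        if name.lower() == "authorization" and value[:6].lower() == "basic ":
            try:
                cred = base64.b64decode(value[6:], validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                findings.append("undecodable Basic credentials")
                continue
            user, _, password = cred.partition(b":")
            if len(user) > MAX_CRED or len(password) > MAX_CRED:
                findings.append(
                    f"long Basic credentials: user={len(user)} password={len(password)}")
    return findings


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "normal": b"GET /index.htm HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
    "cgi": b"GET /cgi-win/testcgi.exe?" + b"A" * 600 + b" HTTP/1.0\r\n\r\n",
    "auth": b"GET / HTTP/1.0\r\nAuthorization: Basic "
            + base64.b64encode(b"A" * 300 + b":" + b"B" * 300) + b"\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, inspect_request(request))
```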