This vulnerability was already discovered in January of this year.

http://www.securityoffice.net/articles/sambar/
http://www.securityfocus.com/bid/3885

Best Regards;
Tamer Sahin
http://www.securityoffice.net

> -----Original Message-----
> From: NGSSoftware Insight Security Research Advisory (NISR)
> [mailto:NISR@ngssoftware.com]
> Sent: lundi 1 avril 2002 22:26
> To: bugtraq@securityfocus.com
> Subject: Fw: Multiple Vulnerabilties in Sambar Server
>
>
> ----- Original Message -----
> From: NGSSoftware Insight Security Research Advisory (NISR)
> To: bugtraq@securityfocus.com
> Sent: Monday, April 01, 2002 12:07 PM
> Subject: Multiple Vulnerabilties in Sambar Server
>
>
> NGSSoftware Insight Security Research Advisory
>
> Name: Sambar Server 5.0 (server.exe)
> Systems Affected: WinNT, Win2K, XP
> Severity: High Risk
> Category: Buffer Overrun / DOS x 3
> Vendor URL: http://www.Sambar.com.com/
> Author: Mark Litchfield (mark@ngssoftware.com)
> Date: 1st April 2002
> Advisory number: #NISR01042002
>
>
> Description
> ***********
> Sambar Server is a web server that runs on Microsoft Windows 2000, XP, NT,
> ME, 98 & 95 and is run as a Service on NT, 2000, & XP
>
> Details
> *******
>
> BufferOverrun - By sending an overly long username and password, an access
> violation occurs in MSVCRT.dll (Server.exe) overwriting the saved return
> address with (in this case) 41414141. As server.exe is started as a system
> service, any execution of arbitrary code would be run with system privileges.
>
> DOS 1)
>
> By supplying an overly long string to a specific HTTP header field an access
> violation occurs in SAMBAR.DLL and kills server.exe
>
> DOS 2)
>
> GET /cgi-win/testcgi.exe?(long char string)
>
> DOS 3)
>
> GET /cgi-win/Pbcgi.exe?(long char string)
>
>
> Fix Information
> ***************
> NGSSoftware alerted SAMBAR to these problems on 27th March 2002. The patches
> are available from http://www.sambarserver.com/download/sambar51p.exe.
> NGSSoftware would like to take this opportunity to thank Tod Sambar who
> spent his Easter weekend creating these patches, demonstrating his
> commitment to the security of his customers.
>
>
> A check for these issues has been added to Typhon II, of which more
> information is available from the
> NGSSoftware website, http://www.ngssoftware.com.
>
> Further Information
> *******************
>
> For further information about the scope and effects of buffer overflows,
> please see
>
> http://www.ngssoftware.com/papers/non-stack-bo-windows.pdf
> http://www.ngssoftware.com/papers/ntbufferoverflow.html
> http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
> http://www.ngssoftware.com/papers/unicodebo.pdf