Date: Mon, 1 Apr 2002 12:26:13 -0800
From: "NGSSoftware Insight Security Research Advisory (NISR)" <[email protected]>
To: [email protected]
Subject: Fw: Multiple Vulnerabilities in Sambar Server
----- Original Message -----
From: NGSSoftware Insight Security Research Advisory (NISR)
To: [email protected]
Sent: Monday, April 01, 2002 12:07 PM
Subject: Multiple Vulnerabilities in Sambar Server
NGSSoftware Insight Security Research Advisory
Name: Sambar Server 5.0 (server.exe)
Systems Affected: WinNT, Win2K, XP
Severity: High Risk
Category: Buffer Overrun / DOS x 3
Vendor URL: http://www.Sambar.com.com/
Author: Mark Litchfield ([email protected])
Date: 1st April 2002
Advisory number: #NISR01042002
Description
***********
Sambar Server is a web server that runs on Microsoft Windows 2000, XP, NT,
ME, 98 & 95 and is run as a Service on NT, 2000, & XP.
Details
*******
Buffer Overrun - By sending an overly long username and password, an access
violation occurs in MSVCRT.dll (Server.exe), overwriting the saved return
address with (in this case) 41414141. As server.exe is started as a system
service, any execution of arbitrary code would run with system privileges.
DOS 1)
By supplying an overly long string to a specific HTTP header field, an access
violation occurs in SAMBAR.DLL and kills server.exe.
DOS 2)
GET /cgi-win/testcgi.exe?(long char string)
DOS 3)
GET /cgi-win/Pbcgi.exe?(long char string)
Fix Information
***************
NGSSoftware alerted SAMBAR to these problems on 27th March 2002. The patches
are available from http://www.sambarserver.com/download/sambar51p.exe.
NGSSoftware would like to take this opportunity to thank Tod Sambar who
spent his Easter weekend creating these patches, demonstrating his
commitment to the security of his customers.
A check for these issues has been added to Typhon II, of which more
information is available from the
NGSSoftware website, http://www.ngssoftware.com.
Further Information
*******************
For further information about the scope and effects of buffer overflows,
please see
http://www.ngssoftware.com/papers/non-stack-bo-windows.pdf
http://www.ngssoftware.com/papers/ntbufferoverflow.html
http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
http://www.ngssoftware.com/papers/unicodebo.pdf
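
Added example, not part of the NGSSoftware advisory: a log check for the request pattern described under DOS 2 and DOS 3, an over-long query string sent to /cgi-win/testcgi.exe or /cgi-win/Pbcgi.exe. The NCSA Common Log Format, the 256-character threshold and the sample lines are assumptions made for this example; the advisory states neither a length nor Sambar's log layout.

```python
import re
from urllib.parse import unquote

# Assumption: NCSA Common Log Format; the advisory does not describe Sambar's log layout.
CLF = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\S+)')
# CGI programs named under DOS 2 and DOS 3 (lower-cased for comparison).
WATCHED = {"/cgi-win/testcgi.exe", "/cgi-win/pbcgi.exe"}
# Assumption: the advisory gives no length, so 256 is a threshold to tune per site.
MAX_QUERY = 256

def normalize(path):
    """Decode %XX, unify slashes and case so Windows path variants compare equal."""
    path = unquote(path).replace("\\", "/").lower()
    return re.sub(r"/{2,}", "/", path)

def suspicious(line, max_query=MAX_QUERY):
    """Return a finding dict for an over-long query to a watched CGI, else None."""
    m = CLF.match(line)
    if not m:
        return None
    fields = m.group("req").split(" ")
    if len(fields) < 2:
        return None
    raw_path, _, query = fields[1].partition("?")
    path = normalize(raw_path)
    if path not in WATCHED or len(query) <= max_query:
        return None
    return {"host": m.group("host"), "time": m.group("ts"), "path": path,
            "query_len": len(query), "status": m.group("status")}

def scan(lines, max_query=MAX_QUERY):
    """Run the check over an iterable of log lines and keep only the findings."""
    return [f for f in (suspicious(l, max_query) for l in lines) if f]

# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2002:12:00:01 -0800] "GET /index.htm HTTP/1.0" 200 1043',
    '192.0.2.10 - - [01/Apr/2002:12:00:05 -0800] "GET /cgi-win/testcgi.exe?name=test HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Apr/2002:12:01:10 -0800] "GET /cgi-win/testcgi.exe?' + "A" * 2000 + ' HTTP/1.0" 500 0',
    '198.51.100.7 - - [01/Apr/2002:12:01:12 -0800] "GET /CGI-WIN/%50bcgi.exe?' + "B" * 300 + ' HTTP/1.0" 500 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A server that dies on the request may never write the matching log entry, so the same check is worth running over proxy or IDS logs captured in front of it.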