Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Servers :: web5227.htm

Sambar DoS and buffer overflow
2nd Apr 2002 [SBWID-5227]

	Sambar DoS and buffer overflow


	Sambar Server 5.0


	In     Mark     Litchfield     []     advisory
	[#NISR01042002] :

	BufferOverrun - By sending an overly  long  username  and  password,  an
	access violation  occurs  in  MSVCRT.dll  (Server.exe)  overwriting  the
	saved return address with (in this  case)  41414141.  As  server.exe  is
	started as a system service, any execution of  arbitary  code  would  be
	run with system privilages.

	DOS 1)


	By suppling an overly long string to a specific  HTTP  header  field  an
	access violation occurs in SAMBAR.DLL and kills server.exe

	DOS 2)


	GET /cgi-win/testcgi.exe?(long char string)

	DOS 3)


	GET /cgi-win/Pbcgi.exe?(long char string)


	Get patch from :


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH