Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: web5227.htm

Sambar DoS and buffer overflow



2nd Apr 2002 [SBWID-5227]
COMMAND

	Sambar DoS and buffer overflow

SYSTEMS AFFECTED

	Sambar Server 5.0

PROBLEM

	In     Mark     Litchfield     [http://www.ngssoftware.com]     advisory
	[#NISR01042002] :
	

	BufferOverrun - By sending an overly  long  username  and  password,  an
	access violation  occurs  in  MSVCRT.dll  (Server.exe)  overwriting  the
	saved return address with (in this  case)  41414141.  As  server.exe  is
	started as a system service, any execution of  arbitary  code  would  be
	run with system privilages.
	

	DOS 1)

	

	By suppling an overly long string to a specific  HTTP  header  field  an
	access violation occurs in SAMBAR.DLL and kills server.exe
	

	DOS 2)

	

	GET /cgi-win/testcgi.exe?(long char string)
	

	DOS 3)

	

	GET /cgi-win/Pbcgi.exe?(long char string)

SOLUTION

	Get patch from :
	

	

	http://www.sambarserver.com/download/sambar51p.exe

	


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH