Sambar Vulnerabilities

Updated 4/7/03
CVE 2002-0737

Impact

A remote attacker could execute arbitrary code with SYSTEM privileges, crash the web service, use the server for cross-site scripting attacks, or view the source code of CGI scripts which could reveal sensitive information.

Note: The red stoplight on this page indicates the highest possible severity level for this category of vulnerabilities. The severity level in this instance is indicated by the colored dot beside the link to this tutorial on the previous page.

Background

Sambar is a web server for Windows systems. It is started by the server.exe executable file.

The Problems


Multiple CGI Vulnerabilities

4/7/03
Several of the default CGI scripts which are installed with Sambar 5.3 and earlier contain vulnerabilities. The environ.pl and testcgi.exe programs can disclose physical path names and other information to potential attackers. The iecreate.stm and ieedit.stm programs could disclose the contents of directories. Furthermore, all of the above scripts and many others could allow cross-site scripting, which could let a malicious web site cause visitors to execute unexpected commands on their own computers.


Multiple Buffer Overflows

4/8/02
There are several buffer overflow vulnerabilities affecting Sambar 5.0 and possibly earlier versions.


Source Code Disclosure

4/30/02
CVE 2002-0737
Like most web servers, Sambar supports CGI scripts, which are executed by the server when their file names are requested, with HTML output being sent back to the web browser. However, if a space and a null character are appended to the request, Sambar returns the source code of the script instead of executing it. The source code could reveal sensitive information such as passwords which could be helpful to an attacker in planning an attack. This vulnerability could also allow attackers to request DOS devices, which could consume system resources and lead to a denial of service.
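
For defenders reviewing web server logs, the following Python example flags requests that match the pattern described above. It is an added example, not part of the original advisory and not code from SAINT or Sambar. It assumes an access log in Common Log Format that records the raw, percent-encoded request line; the function names and sample log entries are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption: the log keeps the raw, percent-encoded request line in quotes.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>.+) HTTP/[\d.]+"')
# Reserved DOS device names, with or without an extension.
DOS_DEVICE = re.compile(rb"^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\.[^/\\]*)?$", re.I)

def classify(log_line):
    """Return the set of findings for one access-log line."""
    findings = set()
    m = REQUEST.search(log_line)
    if not m:
        return findings
    # Ignore the query string, then decode %XX escapes to raw bytes.
    path = unquote_to_bytes(m.group("target").split("?", 1)[0])
    if path.endswith(b" \x00"):
        findings.add("space-null-suffix")  # space + null appended to the request
    elif b"\x00" in path:
        findings.add("null-byte")          # any other null in a path is abnormal
    # Compare the last path segment, minus trailing padding, to device names.
    segment = re.split(rb"[/\\]", path)[-1].rstrip(b" \x00")
    if DOS_DEVICE.match(segment):
        findings.add("dos-device")
    return findings

def scan(lines):
    """Return (line_number, sorted findings) for every suspicious line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        found = classify(line)
        if found:
            hits.append((number, sorted(found)))
    return hits

# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Apr/2003:10:00:01 -0500] "GET /index.htm HTTP/1.0" 200 1043',
    '192.0.2.44 - - [07/Apr/2003:10:00:05 -0500] "GET /cgi-bin/environ.pl%20%00 HTTP/1.0" 200 2210',
    '192.0.2.44 - - [07/Apr/2003:10:00:09 -0500] "GET /cgi-bin/aux%20%00 HTTP/1.0" 200 0',
    '192.0.2.10 - - [07/Apr/2003:10:00:12 -0500] "GET /docs/console.htm HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for number, found in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(found)}")
```

A hit with a 200 status on a script path is worth checking against the response size, since returned source is usually a different length from the script's normal output.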

Resolution

Upgrade to Sambar 5.3 or higher, and remove all unnecessary CGI programs. Note that simply removing the CGI programs which SAINT checks for does not sufficiently fix the problem. The complete list of vulnerable programs is available from VulnWatch.

Where can I read more about this?

The buffer overflow vulnerabilities were posted to Bugtraq. The source code disclosure was posted to VulnWatch. The CGI vulnerabilities were posted to VulnWatch.