Sambar Server 4.3 Buffer Overflow Vulnerability
BID:1287
Info
Sambar Server 4.3 Buffer Overflow Vulnerability
| Bugtraq ID: | 1287 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2000-0509 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jun 01 2000 12:00AM |
| Updated: | Jul 11 2009 01:56AM |
| Credit: | Discovered by the Delphis Consulting Internet Security Team (DCIST) and publicized in a Security Team Advisory (DST2K0008) on June 1, 2000. |
| Vulnerable: |
Sambar Server 4.3 beta 9 |
| Not Vulnerable: | |
Discussion
Sambar Server 4.3 Buffer Overflow Vulnerability
Performing a finger or whois query using the scripts supplied with Sambar Server consisting of a hostname over 32290 bytes will cause Sambar Server 4.3 to crash and allow for arbitrary code to be executed. Unusually long GET requests or POST commands will also achieve the same results. Other queries that rely on sambar.dll may be susceptible to this vulnerability as well.
Performing a finger or whois query using the scripts supplied with Sambar Server consisting of a hostname over 32290 bytes will cause Sambar Server 4.3 to crash and allow for arbitrary code to be executed. Unusually long GET requests or POST commands will also achieve the same results. Other queries that rely on sambar.dll may be susceptible to this vulnerability as well.
Exploit / POC
Sambar Server 4.3 Buffer Overflow Vulnerability
see discussion
see discussion
Solution / Fix
Sambar Server 4.3 Buffer Overflow Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Sambar Server 4.3 Buffer Overflow Vulnerability
References:
References: