Sambar Server Search CGI Vulnerability
BID:1684
Info
Sambar Server Search CGI Vulnerability
| Bugtraq ID: | 1684 |
| Class: | Input Validation Error |
| CVE: |
CVE-2000-0835 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 15 2000 12:00AM |
| Updated: | Jul 12 2009 05:56PM |
| Credit: | This vulnerability was discovered and released by [email protected] on Thu, 14 Sep 2000. |
| Vulnerable: |
Sambar Server 4.4 Beta 3 Sambar Server 4.3 |
| Not Vulnerable: | |
Discussion
Sambar Server Search CGI Vulnerability
The Sambar Server was created to test a three-tier communication infrastructure modeled after the Sybase Open Client/Open Server. Soon thereafter, the idea of leveraging the infrastructure for dynamic delivery of content on the WWW resulted in the addition of an HTTP protocol stack, and efforts in supporting the notion of preexistent users via HTTP.
Certain NT versions of this software ship with a vulnerability in the search.dll which allows remote attackers to view the contents of the SAMBAR Server such as mail folders etc by passing paths or invalid values in the 'query' variable.
The Sambar Server was created to test a three-tier communication infrastructure modeled after the Sybase Open Client/Open Server. Soon thereafter, the idea of leveraging the infrastructure for dynamic delivery of content on the WWW resulted in the addition of an HTTP protocol stack, and efforts in supporting the notion of preexistent users via HTTP.
Certain NT versions of this software ship with a vulnerability in the search.dll which allows remote attackers to view the contents of the SAMBAR Server such as mail folders etc by passing paths or invalid values in the 'query' variable.
Exploit / POC
Sambar Server Search CGI Vulnerability
The following example was taken from the advisory on this subject which is attached in full in the 'Credit' section of this vulnerability:
All that is needed is a malformed query parameter parsed to the search.dll file
.
http://server-running-sambar.com/search.dll?search?query=%00&logic=AND
.. this will reveal the current working directory contents.
http://server-running-sambar.com/search.dll?search?query=/&logic=AND
.. this will reveal the root dir of the server.
The following example was taken from the advisory on this subject which is attached in full in the 'Credit' section of this vulnerability:
All that is needed is a malformed query parameter parsed to the search.dll file
.
http://server-running-sambar.com/search.dll?search?query=%00&logic=AND
.. this will reveal the current working directory contents.
http://server-running-sambar.com/search.dll?search?query=/&logic=AND
.. this will reveal the root dir of the server.
Solution / Fix
Sambar Server Search CGI Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].