|
Sambar Server Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA9578
|
|
|
Release Date:
|
2004-05-04
|
|
Popularity:
|
7,519 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Security Bypass
Cross Site Scripting
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Sambar Server 5.x
Sambar Server 6.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
Some vulnerabilities and security issues have been reported in Sambar Web Server, allowing malicious people to compromise a vulnerable system and conduct Cross-Site Scripting attacks.
1) Normally, access is filtered to ensure that only connections from localhost (127.0.0.1) can connect to the proxy service. However, it is possible to access the proxy functionalities by creating a HTTP keep-alive connection to the Sambar web server.
This kind of vulnerability would normally be rated as "Moderately Critical", because malicious people could relay traffic through the server and thereby spoof their identity / IP address. However, it has been rated "Highly Critical", because certain administrative functionality, which doesn't require authentication, also is available through the local interface.
3APA3A has published information about how this vulnerability combined with certain functionality, which can't in itself be classified as vulnerabilities, can be exploited to compromise a vulnerable system.
3APA3A has also reported an issue where Sambar fails to check if Windows (DOS) device names such as "con", "aux", and "com1" are requested. This allows malicious people with physical access to a Sambar server to execute arbitrary code through the physical device (e.g. "com1") with the privileges of the web server by generating a request such as:
POST /cgi-bin/com1.pl HTTP/1.0
2) User input passed to various parameters isn't sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site by tricking the user into visiting a malicious website or follow a specially crafted link.
Examples:
/cgi-bin/mortgage.pl?price="><malicious_code>
/samples/ssienv.shtml?<malicious_code>
/cgi-bin/dumpenv.pl?<malicious_code>
/cgi-bin/book.pl
3) An unspecified boundary error has been reported to affect certain versions of Sambar Server 6.0.
Vulnerabilities 1 and 2 have been reported to affect Sambar Server 5 and certain Sambar Server 6 beta releases.
Solution:
The latest production release 6.0.1 is not vulnerable.
Provided and/or discovered by:
1 and 2) 3APA3A
3) Ned
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
Today
|
New advisories:
|
9 |
|
New vulnerabilities:
|
26 |
|
Updated advisories:
|
61 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
18th Nov, 2008
|
New advisories:
|
27 |
|
New vulnerabilities:
|
38 |
|
Updated advisories:
|
26 |
|
|
|
|
 Solutions | More...
|
|
