Some vulnerabilities and security issues have been reported in Sambar Web Server, allowing malicious people to compromise a vulnerable system and conduct Cross-Site Scripting attacks.
1) Normally, access is filtered to ensure that only connections from localhost (127.0.0.1) can connect to the proxy service. However, it is possible to access the proxy functionalities by creating a HTTP keep-alive connection to the Sambar web server.
This kind of vulnerability would normally be rated as "Moderately Critical", because malicious people could relay traffic through the server and thereby spoof their identity / IP address. However, it has been rated "Highly Critical", because certain administrative functionality, which doesn't require authentication, also is available through the local interface.
3APA3A has published information about how this vulnerability combined with certain functionality, which can't in itself be classified as vulnerabilities, can be exploited to compromise a vulnerable system.
3APA3A has also reported an issue where Sambar fails to check if Windows (DOS) device names such as "con", "aux", and "com1" are requested. This allows malicious people with physical access to a Sambar server to execute arbitrary code through the physical device (e.g. "com1") with the privileges of the web server by generating a request such as:
POST /cgi-bin/com1.pl HTTP/1.0
2) User input passed to various parameters isn't sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site by tricking the user into visiting a malicious website or follow a specially crafted link.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Sambar Server Multiple Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.