Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Highly critical

Sambar Server Multiple Vulnerabilities

-

Release Date:  2004-05-04    Views:  10,948

Secunia Advisory SA9578

Where:

From remote

Impact:

Security Bypass, Cross Site Scripting, DoS, System access

Solution Status:

Vendor Patch

CVE Reference(s):

No CVE references.

Description


Some vulnerabilities and security issues have been reported in Sambar Web Server, allowing malicious people to compromise a vulnerable system and conduct Cross-Site Scripting attacks.

1) Normally, access is filtered to ensure that only connections from localhost (127.0.0.1) can connect to the proxy service. However, it is possible to access the proxy functionalities by creating a HTTP keep-alive connection to the Sambar web server.

This kind of vulnerability would normally be rated as "Moderately Critical", because malicious people could relay traffic through the server and thereby spoof their identity / IP address. However, it has been rated "Highly Critical", because certain administrative functionality, which doesn't require authentication, also is available through the local interface.

3APA3A has published information about how this vulnerability combined with certain functionality, which can't in itself be classified as vulnerabilities, can be exploited to compromise a vulnerable system.

3APA3A has also reported an issue where Sambar fails to check if Windows (DOS) device names such as "con", "aux", and "com1" are requested. This allows malicious people with physical access to a Sambar server to execute arbitrary code through the physical device (e.g. "com1") with the privileges of the web server by generating a request such as:

POST /cgi-bin/com1.pl HTTP/1.0

2) User input passed to various parameters isn't sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site by tricking the user into visiting a malicious website or follow a specially crafted link.

Examples:
/cgi-bin/mortgage.pl?price="><malicious_code>
/samples/ssienv.shtml?<malicious_code>
/cgi-bin/dumpenv.pl?<malicious_code>
/cgi-bin/book.pl

3) An unspecified boundary error has been reported to affect certain versions of Sambar Server 6.0.

Vulnerabilities 1 and 2 have been reported to affect Sambar Server 5 and certain Sambar Server 6 beta releases.


Solution:
The latest production release 6.0.1 is not vulnerable.

Provided and/or discovered by:
1 and 2) 3APA3A
3) Ned

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Sambar Server Multiple Vulnerabilities

No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability