Bugtraq: DST2K0008: Buffer Overrun in Sambar Server 4.3

From: Security Team <Security.Team_at_DELPHISCONSULT.CO.UK>
Date: Thu, 1 Jun 2000 15:43:51 +0100

> ================================================================================
> Delphis Consulting Plc
> ================================================================================
>
> Security Team Advisories
> [30/05/2000]
>
>
> securityteam_at_delphisplc.com
> [http://www.delphisplc.com/thinking/whitepapers/]
>
> ================================================================================
> Adv : DST2K0008
> Title : Buffer Overrun in Sambar Server 4.3
> Author : DCIST (securityteam_at_delphisplc.com)
> O/S : Microsoft Windows NT v4.0 Workstation (SP6)
> Product : Sambar Server 4.3
> Date : 30/05/2000
>
> I. Description
>
> II. Solution
>
> III. Disclaimer
>
>
> ================================================================================
>
>
> I. Description
> ================================================================================
>
>
> Delphis Consulting Internet Security Team (DCIST) discovered the following
> vulnerability in the Sambar Server under Windows NT.
>
> By using the default finger script shipped with Sambar server it is possible
> to cause a buffer overrun in sambar.dll overwriting the EIP allowing the
> execution of arbitrary code. This is done by sending a large hostname in the
> required field. The string has to be a length of 32286 + EIP (4 bytes) making
> a total of 32290 bytes.
>
> From our research it seems the problem also exists in a number of scripts
> which rely on sambar dll functionality; this includes but is not limited to:
>
> o whois demonstration script
> o finger demonstration script
>
>
> II. Solution
> ================================================================================
>
> Vendor Status: Informed
>
> Currently there is no vendor patch available but the following are preventative
> measures Delphis Consulting Internet Security Team would advise users running
> this service to implement.
>
> o Remove both demonstration scripts.
>
>
> III. Disclaimer
> ================================================================================
> THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE ACCURATE AT
> THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY IS GIVEN, EXPRESS OR
> IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. NEITHER THE AUTHOR NOR THE
> PUBLISHER ACCEPTS ANY LIABILITY WHATSOEVER FOR ANY DIRECT, INDIRECT OR
> CONSEQUENTIAL LOSS OR DAMAGE ARISING IN ANY WAY FROM ANY USE OF, OR RELIANCE
> PLACED ON, THIS INFORMATION FOR ANY PURPOSE.
> ================================================================================
Received on Jun 01 2000
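
An added example, not part of the advisory and not Sambar's code: the overrun above is reached through an oversized hostname field, and a textual DNS name can never exceed 253 bytes, so a request handler can reject the value by length and syntax before it reaches any fixed-size buffer. The helper names `hostname_is_valid` and `copy_hostname` are hypothetical, and the 32290-byte input is constructed filler.

```c
#include <ctype.h>
#include <string.h>

#define HOST_MAX  253  /* longest textual DNS name */
#define LABEL_MAX 63   /* longest single DNS label */

/* Hypothetical helper: 1 if s[0..len) is a syntactically valid hostname
 * (letters, digits, '-', '.'; no trailing dot), else 0. */
int hostname_is_valid(const char *s, size_t len)
{
    size_t label = 0;                     /* length of the current label */
    if (s == NULL || len == 0 || len > HOST_MAX)
        return 0;                         /* length check comes first */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            if (label == 0 || s[i - 1] == '-')
                return 0;                 /* empty label or trailing '-' */
            label = 0;
        } else if (isalnum(c) || (c == '-' && label > 0)) {
            if (++label > LABEL_MAX)
                return 0;
        } else {
            return 0;                     /* byte not allowed in a hostname */
        }
    }
    return label > 0 && s[len - 1] != '-';
}

/* Hypothetical helper: copy a validated hostname into a fixed buffer.
 * Returns 0 on success, -1 on rejection; dst is always NUL-terminated. */
int copy_hostname(char *dst, size_t dstsz, const char *src, size_t srclen)
{
    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (!hostname_is_valid(src, srclen) || srclen >= dstsz)
        return -1;
    memcpy(dst, src, srclen);
    dst[srclen] = '\0';
    return 0;
}

int main(void)
{
    char buf[HOST_MAX + 1], big[32290];   /* constructed oversized input */
    memset(big, 'A', sizeof big);
    return copy_hostname(buf, sizeof buf, big, sizeof big) == -1 ? 0 : 1;
}
```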
