CVE-2004-2086 - Buffer Overflow vulnerability in Sambar Server 6.0

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Tags: network, low complexity, sambar, exploit available, metasploit

Summary

Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.

Vulnerable Configurations

Part         Description  Count
Application  Sambar       2

Exploit-Db

  • description: Sambar Server 6.0 Results.STM Post Request Buffer Overflow Vulnerability. CVE-2004-2086. DoS exploit for Windows platform
    id: EDB-ID:23664
    last seen: 2016-02-02
    modified: 2004-02-09
    published: 2004-02-09
    reporter: [email protected]
    source: https://www.exploit-db.com/download/23664/
    title: Sambar Server 6.0 Results.STM Post Request Buffer Overflow Vulnerability
  • description: Sambar 6 Search Results Buffer Overflow. CVE-2004-2086. Remote exploit for Windows platform
    id: EDB-ID:16756
    last seen: 2016-02-02
    modified: 2010-02-13
    published: 2010-02-13
    reporter: metasploit
    source: https://www.exploit-db.com/download/16756/
    title: Sambar 6 - Search Results Buffer Overflow

Metasploit

description: This module exploits a buffer overflow found in the /search/results.stm application that comes with Sambar 6. This code is a direct port of Andrew Griffiths's SMUDGE exploit, the only changes made were to the nops and payload. This exploit causes the service to die, whether you provided the correct target or not.
id: MSF:EXPLOIT/WINDOWS/HTTP/SAMBAR6_SEARCH_RESULTS
last seen: 2020-05-23
modified: 2017-11-08
published: 2010-02-13
references: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2086
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/sambar6_search_results.rb
title: Sambar 6 Search Results Buffer Overflow

Packetstorm

data source: https://packetstormsecurity.com/files/download/86296/sambar6_search_results.rb.txt
id: PACKETSTORM:86296
last seen: 2016-12-05
published: 2010-02-15
reporter: H D Moore
source: https://packetstormsecurity.com/files/86296/Sambar-6-Search-Results-Buffer-Overflow.html
title: Sambar 6 Search Results Buffer Overflow