Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_2

Bugtraq archives for 2nd quarter (Apr-Jun) 1998: Re: Sambar Server Beta BUG..

Re: Sambar Server Beta BUG..

Posick, Steve (posicksESPN.COM)
Wed, 10 Jun 1998 15:15:34 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Steve Siirila: "Re: Solaris 2.5.1 patch not effective?"
Previous message: p__boyerUSA.NET: "Cheyenne Inoculan vulnerability on NT"
Maybe in reply to: Michiel de Weerd: "Sambar Server Beta BUG.."

There is also a buffer overrun in the logging code and a MAJOR hole in
the mailit script that allow for remote execution
of system commands.

In both cases I have notified Tod Sambar and they are hopefully
fixed.

-----Original Message-----
From:   Michiel de Weerd [SMTP:webmasterFOCUS.DEMON.NL]
Sent:   Wednesday, June 10, 1998 12:13 PM
To:     BUGTRAQNETSPACE.ORG
Subject:        Sambar Server Beta BUG..

Sambar Server Beta's have a serious bug! it is possible to view the
victim's HDD.

This is how it's done:

Asume you find a computer running Sambar Server by searching the
Internet with these key-words: +sambar +server +v4.1

If you find a site like: http://www.site.net/

then do a test, run a little perl script...

http://www.site.net/cgi-bin/dumpenv.pl

Now you see the complete environment of the victims computer,
including
his path. Now you can try to login as the administrator by adding
this
to the url: /session/adminlogin?RCpage=/sysadmin/index.stm

so: http://www.site.net/session/adminlogin?RCpage=/sysadmin/index.stm

The default login is: admin and the default password is blank.

If the victim hasn't changed his settings, you now can control his
server.

Another feature is to view the victims HDD. If you were able to run
the
perl script you should also be able (in most cases) to view
directory's
from his path. Most people have c:/program files and c:/windows in
the
path line, so what you can do is:

http://www.site.net/c:/program files/sambar41

FIX:

1) Upgrade to a non-beta version of Sambar Server.
2) Don't alow directory browsing if index.html or default.html isn't
found.
3) Change the admin username and password before someone else changes
it
for you.

CC to Tod Sambar - http://www.sambar.com

Next message: Steve Siirila: "Re: Solaris 2.5.1 patch not effective?"
Previous message: p__boyerUSA.NET: "Cheyenne Inoculan vulnerability on NT"
Maybe in reply to: Michiel de Weerd: "Sambar Server Beta BUG.."