Sambar Server cgitest.exe example script denial of service
| sambar-cgitest-dos (7894) |  Medium Risk |
Description:
Sambar Server is vulnerable to a denial of service attack. A remote attacker can send several specially-crafted GET requests for the cgitest.exe example script appended with a long string of characters to the server to cause the server to crash. The server must be restarted to regain normal functionality.
Consequences:
Denial of Service
Remedy:
Upgrade to the latest version of Sambar Server (5.1 production release or later), available from the Sambar Technologies Web site. See References.
References:
- BugTraq Mailing List, Tue Jan 15 2002 - 17:57:17 CST: Sambar Webserver v5.1 DoS Vulnerability.
- Nessus plugin ID : 11131: Sambar web server DOS.
- Sambar Technologies Web site: SAMBAR TECHNOLOGIES.
- Sambar Technologies Web site: Sambar Server Security Alert.
- BID-3885: Sambar Server Sample Script Denial Of Service Vulnerability
- CVE-2002-0128: cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument.
- OSVDB ID: 34: Sambar Server cgitest.exe Remote Overflow
- OSVDB ID: 55369: Sambar Server testcgi.exe Remote Overflow
- OSVDB ID: 55370: Sambar Server Pbcgi.exe Remote Overflow
Platforms Affected:
- Sambar Sambar Server 5.1
Reported:
Jan 16, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this