[13984] in bugtraq


Sambar Server alert!

daemon@ATHENA.MIT.EDU (Georgi Chorbadzhiyski)
Wed Feb 23 14:23:45 2000

Message-Id: <38B3E60A.6A84FEC3@cybcom.net>
Date: Wed, 23 Feb 2000 15:52:10 +0200
Reply-To: Georgi Chorbadzhiyski <gf@CYBCOM.NET>
From: Georgi Chorbadzhiyski <gf@CYBCOM.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

Hello!


PRODUCT
-------
The Sambar Server is a multi-threaded HTTP, FTP and
Proxy server for Windows NT and Windows 95.


AFFECTED VERSIONS
-----------------
All versions of Sambar Server running under Windows NT 4.0 and
Windows 2000 are affected. The Windows 98 version is vulnerable.


VULNERABILITY DESCRIPTION
-------------------------
The default installation of Sambar Server puts two .BAT files,
ECHO.BAT and HELLO.BAT, into the server's /CGI-BIN/ directory.
These are simple files with just one "echo" command in them.
However, under Windows NT these files can cause a lot of trouble:
the query string is handed to the batch file as command-line
arguments ("+" becomes a space), and CMD.EXE treats "&" as a
command separator, so whatever follows it runs as a second command
with the server's privileges. The problem, IMHO, lies in CMD.EXE.
Example:

http://yourdomain/cgi-bin/hello.bat?&dir+c:\

You'll see a nice listing of your C: drive :-))
Sambar Server runs with Administrator privileges under NT, so
even if you use NTFS, file permissions will not protect you.


SOLUTION
--------
Delete any .BAT files from the /CGI-BIN/ directory of your Sambar
server, and do not put batch scripts there: any batch file reachable
as a CGI has the same problem, not just the two shipped examples.


CREDIT
------
This bug was discovered by Georgi Chorbadzhiyski and Nikolay Tsvetkov.
