Sambar Server 4.3 Buffer Overflow Vulnerability

A finger or whois query made through the scripts supplied with Sambar Server, with a hostname longer than 32290 bytes, crashes Sambar Server 4.3 and allows arbitrary code to be executed. Unusually long GET requests or POST commands achieve the same result. Other queries that rely on sambar.dll may be susceptible to this vulnerability as well.
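A defender can screen requests for over-long fields before they reach the server or while reviewing captured traffic. The following is an added example, not code from the advisory or from Sambar; the script paths, the `hostname` parameter name and the 1024-byte cap are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

ADVISORY_LEN = 32290  # hostname length cited in the advisory
FIELD_LIMIT = 1024    # assumed defensive cap, far below the advisory's figure

def oversized_fields(raw: bytes, limit: int = FIELD_LIMIT):
    """Return (location, field name, length) for each over-long request field."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = request_line.split(" ")
    if len(parts) < 2:  # no method/target pair: report the line as malformed
        return [("malformed", "", len(request_line))]
    method, target = parts[0].upper(), parts[1]
    url = urlsplit(target)
    findings = []
    if len(url.path) > limit:
        findings.append(("path", "", len(url.path)))
    fields = [("query", k, v) for k, v in parse_qsl(url.query, keep_blank_values=True)]
    if method == "POST":
        # Form-encoded body; latin-1 keeps a 1:1 byte-to-character mapping.
        form = body.decode("latin-1")
        fields += [("body", k, v) for k, v in parse_qsl(form, keep_blank_values=True)]
    findings += [(w, k, len(v)) for w, k, v in fields if len(v) > limit]
    return findings

# Constructed sample requests; path and parameter name are placeholders.
SAMPLES = {
    "normal": b"GET /PLACEHOLDER-finger?hostname=example.org HTTP/1.0\r\n\r\n",
    "long-get": b"GET /PLACEHOLDER-finger?hostname="
                + b"A" * (ADVISORY_LEN + 1) + b" HTTP/1.0\r\n\r\n",
    "long-post": b"POST /PLACEHOLDER-whois HTTP/1.0\r\n"
                 b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                 b"hostname=" + b"A" * 40000,
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, oversized_fields(raw))
```

The cap is set well under the advisory's figure because the page also reports that unusually long GET and POST requests in general trigger the crash, not only hostnames at that exact length.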


 

Copyright 2010, SecurityFocus