SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Web Server/CGI)  >  Sambar Server Vendors:  Sambar Technologies
Sambar Server Contains Multiple Unspecified Vulnerabilities
SecurityTracker Alert ID:  1007819
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Sep 26 2003
Impact:  Not specified
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): prior to 6.0 beta 6
Description:  Several vulnerabilities were reported in Sambar Server. The specific nature of these flaws was not disclosed, but one is reported to be a "significant" vulnerability.

Several security vulnerabilities were reported in Sambar Server.

Unspecified flaws were reported in the following scripts:

/cgi-bin/testcgi.exe
testisa.dll
samples /search.dll
/cgi-bin/environ.pl
/cgi-bin/mortgage.pl
/cgi-bin/book.pl
/cgi-bin/dumpenv.pl

In addition, unspecified flaws were reported in '/samples/*.shtml'

An unspecified but "significant" flaw was reported in the HTTP Proxy server.

David Endler of iDEFENSE is credited with reporting these flaws.

[Editor's note: The vendor's web site provided only limited information about these vulnerabilities. When iDEFENSE releases their advisory, we will update this alert if additional details are available.]
Impact:  The impact was not disclosed.
Solution:  The vendor has released a fixed version (6.0 beta 6 release), to be available shortly at:

http://www.sambar.com/
Vendor URL:  www.sambar.com/security.htm (Links to External Site)
Cause:  Not specified
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents
Date:  Fri, 26 Sep 2003 00:47:23 -0400
Subject:  http://www.sambar.com/security.htm

 

Several security vulnerabilities have been reported in Sambar Server.

David Endler of iDEFENSE is credited with reporting these flaws.

The vendor indicates that the flaws have been fixed in the 6.0 beta 6 release.

http://www.sambar.com/security.htm


 > /cgi-bin/testcgi.exe should be removed (shipped in 5.X releases).
 >
 > testisa.dll should be removed (shipped in 5.X releases.)
 >
 > samples/search.dll should be removed (shipped in 5.x releases.)
 >
 > /cgi-bin/environ.pl, /cgi-bin/mortgage.pl, /cgi-bin/book.pl and /cgi-bin/dumpenv.pl
 > should be removed (shipped prior to 6.0 beta 6.)
 >
 > /samples/*.shtml should be removed (shipped prior to 6.0 beta 6.)
 >
 > The auto-execution of .pl CGI scripts can be exploited to attack Windows devices (prior
 > to the 6.0 beta 3). The config.ini parameter Perl Executable should be removed and perl
 > scripts specified using the #! directive at the top of the CGI script.
 >
 > The HTTP Proxy server (prior to 6.0 beta) contains a significant security vulnerability;
 > all 5.x proxy servers should be disabled or you should disallow 127.0.0.1 via a
 > proxydeny entry in the security.ini file.
 >


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC