ID: CVE-2003-1287
Type: cve
Reporter: NVD
Modified: 2017-07-10T21:29:51
Description
Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device.
{"osvdb": [{"lastseen": "2017-04-28T13:20:00", "bulletinFamily": "software", "description": "## Vulnerability Description\nSambar Server contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a specially-crafted request containing a valid device name is sent to the server. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 6.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nSambar Server contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a specially-crafted request containing a valid device name is sent to the server. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.\n## Manual Testing Notes\nPOST /cgi-bin/com1.pl HTTP/1.0\n\nThe above request will initiate the Perl interpreter (perl.exe) to process code from the COM1 port. An attacker can supply code to the interpreter by connecting to the target system through a null-modem cable with a terminal application.\n## References:\n[Vendor Specific Advisory URL](http://www.sambar.com/security.htm)\nSecurity Tracker: 1007819\n[Secunia Advisory ID:9578](https://secuniaresearch.flexerasoftware.com/advisories/9578/)\n[Related OSVDB ID: 5780](https://vulners.com/osvdb/OSVDB:5780)\n[Related OSVDB ID: 5785](https://vulners.com/osvdb/OSVDB:5785)\n[Related OSVDB ID: 5782](https://vulners.com/osvdb/OSVDB:5782)\n[Related OSVDB ID: 5783](https://vulners.com/osvdb/OSVDB:5783)\n[Related OSVDB ID: 5784](https://vulners.com/osvdb/OSVDB:5784)\n[Related OSVDB ID: 5786](https://vulners.com/osvdb/OSVDB:5786)\nOther Advisory URL: http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true\nMail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=108335071417386&w=2\nISS X-Force ID: 13305\n[CVE-2003-1287](https://vulners.com/cve/CVE-2003-1287)\n", "modified": "2003-09-25T05:43:49", "published": "2003-09-25T05:43:49", "href": "https://vulners.com/osvdb/OSVDB:5781", "id": "OSVDB:5781", "title": "Sambar Server DOS Device Name Code Execution", "type": "osvdb", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}