
sambar.remote.dos.txt

22 Nov 2001 00:00:00 | Reported by Sixkiller | Type: packetstorm | Source: packetstormsecurity.com

A remote attack on Sambar Server 4.3 Beta 2 causes a buffer overflow and crashes the server without the attack being logged.

Code
`Remote attack on Sambar Server 4.3 Beta 2  
  
It is possible to crash Sambar Server by causing a buffer overflow.  
The attack isn't recorded in the logs.  
You can make the attack by connecting to the remote server on port 80,  
by telnet or any other program you find.  
Once connected to the remote server on port 80, write "get"  
  
and keep pressing enter until the connection is lost (you should  
press and  
not release the enter button).  
A faster way to do it is by connecting to the server and entering these  
commands:  
  
get  
  
  
get  
  
  
  
g  
g  
g  
  
  
Return-Path: <[email protected]>  
Date: Tue, 07 Dec 1999 20:52:08 +0200  
X-Accept-Language: en  
Subject: Sambar Server 4.3 BETA 2 Bug  
  
[Part #1: Type: text/plain, Encoding: 7bit, Size: 794]  
  
It is possible to totally destroy the server by overflowing the server.  
When the attack is made, the part of Sambar that controls port 80 is  
damaged and becomes useless.  
  
The attack is made with your browser; you should connect to the server at  
this URL:  
www.sambar.com/session/adminlogin?RCpage=/sysadmin/index.stm (where  
www.sambar.com is the name of your Sambar server).  
  
When it asks for username/password, enter a very long username and password  
(over 256 chars); you will know that it's long enough when you can no longer  
see what you typed. You must enter it in both username and password.  
  
Repeat this process for some time (about 5-10 times); you won't see any  
result, but the next time the server is started it will show a message box  
that says: "Failure initilazing server, see server.log".  
  
  
`
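The second report describes login fields longer than 256 characters corrupting the server. The following is an added example, not Sambar's code and not part of the original advisory, showing how a login handler can measure each field before copying it and log the refusal. It assumes 256-byte field buffers (suggested by the "over 256 chars" figure but not confirmed on the page), and the form field names `username` and `password` are hypothetical. Percent-decoding is left out.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 256 /* assumed buffer size, from the advisory's "over 256 chars" */

enum { FIELD_OK = 0, FIELD_MISSING = -1, FIELD_TOO_LONG = -2 };

/* Copy the value of `name` out of a form body such as "a=1&b=2".
 * The value is measured before a single byte is written, so an
 * oversized field is refused rather than truncated or overflowed. */
static int get_field(const char *body, const char *name, char *out, size_t out_size)
{
    size_t name_len = strlen(name);
    const char *p = body;

    for (;;) {
        const char *amp = strchr(p, '&');
        size_t pair_len = amp ? (size_t)(amp - p) : strlen(p);

        if (pair_len > name_len && p[name_len] == '=' &&
            strncmp(p, name, name_len) == 0) {
            size_t val_len = pair_len - name_len - 1;
            if (val_len >= out_size)   /* leave room for the terminator */
                return FIELD_TOO_LONG;
            memcpy(out, p + name_len + 1, val_len);
            out[val_len] = '\0';
            return FIELD_OK;
        }
        if (!amp)
            return FIELD_MISSING;
        p = amp + 1;
    }
}

/* Returns 1 when both credentials fit, 0 when the request must be refused.
 * user and pass must each point to FIELD_MAX bytes.
 * The field names "username" and "password" are hypothetical. */
int parse_login(const char *body, char *user, char *pass)
{
    int ru = get_field(body, "username", user, FIELD_MAX);
    int rp = get_field(body, "password", pass, FIELD_MAX);

    if (ru != FIELD_OK || rp != FIELD_OK) {
        /* Log the refusal: a silent drop leaves the operator blind. */
        fprintf(stderr, "adminlogin refused: username=%d password=%d\n", ru, rp);
        return 0;
    }
    return 1;
}
```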

Vulners AI Score: 7.4 (High risk)