PRODUCT
-------

The Sambar Server is a multi-threaded HTTP, FTP and Proxy server for Windows NT and Windows 95.

AFFECTED VERSIONS
-----------------

All versions of Sambar Server running under Windows NT 4.0 and Windows 2000. The Windows 98 version is vulnerable.

VULNERABILITY DESCRIPTION
-------------------------

The default installation of Sambar Server puts two .BAT files, ECHO.BAT and HELLO.BAT, into the server's /CGI-BIN/ directory. These are simple files with just one "echo" command in them. However, under Windows NT these files can cause a lot of trouble. The problem IMHO lies in CMD.EXE; the example follows:

http://yourdomain/cgi-bin/hello.bat?&dir+c:\

You'll see a nice listing of your C: drive :-))

Sambar Server runs with Administrator privileges under NT, so even if you use NTFS you will still be affected.

SOLUTION
--------

Delete any .BAT files in the /CGI-BIN/ directory of your Sambar Server.

CREDIT
------

This bug was discovered by Georich Chorbadzhiyski and Nikolay Tsvetkov.
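As an added detection example (not part of the advisory and not Sambar code), the following scans web-server access-log lines for requests to a /cgi-bin/*.bat script whose query string carries a CMD.EXE command separator, which is the request shape the advisory describes; the log layout is assumed to be Common Log Format and the sample lines are constructed.

```python
# Added example, not from the advisory: flag access-log requests that hit a
# .BAT CGI script with a query string containing CMD.EXE command separators.
import re
from urllib.parse import unquote_plus, urlsplit

# Characters CMD.EXE treats as command separators/operators when they reach it unquoted.
CMD_SEPARATORS = ("&", "|", "<", ">")

# Minimal Common Log Format (assumed layout): host, ident, user, [time], "request", status, size.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')


def is_suspicious_bat_request(path: str) -> bool:
    """True if the request targets /cgi-bin/*.bat and its decoded query holds a CMD.EXE separator."""
    parts = urlsplit(path)
    if not re.fullmatch(r"/cgi-bin/[^/]+\.bat", parts.path, re.IGNORECASE):
        return False
    query = unquote_plus(parts.query)  # decodes %26, %7C etc. and '+' -> space
    return any(sep in query for sep in CMD_SEPARATORS)


def scan_log(lines):
    """Return (client, decoded request path) for every suspicious log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse as CLF
        client, _ts, _method, path, _status = m.groups()
        if is_suspicious_bat_request(path):
            hits.append((client, unquote_plus(path)))
    return hits


# Constructed sample log lines; the IPs, timestamps and sizes are made up.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/1999:13:55:36 +0000] "GET /cgi-bin/hello.bat?&dir+c:\\ HTTP/1.0" 200 512',
    '203.0.113.5 - - [10/Oct/1999:13:55:40 +0000] "GET /cgi-bin/hello.bat?name=world HTTP/1.0" 200 32',
    '198.51.100.7 - - [10/Oct/1999:13:56:01 +0000] "GET /cgi-bin/echo.bat?%26dir+d:\\ HTTP/1.0" 200 220',
    '198.51.100.7 - - [10/Oct/1999:13:56:05 +0000] "GET /index.html?a=b&c=d HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for client, req in scan_log(SAMPLE_LOG):
        print(f"{client} -> {req}")
```

The second sample line shows a benign query to the same script, and the third shows the separator arriving URL-encoded, which is why the query is decoded before matching.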