CVE-2004-2086
published 2004-02-06


Priority: P3 48
CVSS 2.0: 5 (medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 73.60% (99.4th percentile)
Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.

Affected

1 range
Vendor | Product | Version range | Fixed in
sambar | sambar_server | |

Detection & IOCs (extracted from sources)

path: /search/results.stm
command: POST /search/results.stm HTTP/1.1
command: style=page&spage=0&indexname=docs&query=<overflow>
bytes: BadChars: \x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c
  • Detect exploit attempts by matching HTTP POST requests to the path /search/results.stm with an oversized 'query' parameter in the POST body.
  • Fingerprint Sambar Server presence by checking HTTP response banner for 'Server: SAMBAR' header before exploitation.
  • POST body for exploit contains the fixed pattern 'spage=0&indexname=docs&query=' followed by a large overflow buffer; alert on POST bodies to results.stm containing this parameter combination with abnormally large query values.
  • The exploit shellcode stub begins with \xfc followed by a packed return address; look for this byte pattern in POST body payloads targeting Sambar.
  • The exploit unconditionally crashes the Sambar service regardless of whether the correct target platform is selected; do not test against production systems.
  • Return addresses (Ret/jmpESP) are hardcoded per OS version (Windows 2000 vs XP SP0); detections based on these values are platform-specific and may not cover all variants.
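
The first and third detection points above, as an added example that is not part of the original page: a Python check over raw HTTP requests that flags POSTs to /search/results.stm with an oversized 'query' field. The 256-byte threshold, the function names and the sample requests are assumptions constructed for illustration; the body is split on raw bytes so non-ASCII content cannot break parsing.

```python
MAX_QUERY_LEN = 256          # assumed threshold; the page only says "oversized"
TARGET_PATH = "/search/results.stm"

def parse_form(body: bytes) -> dict:
    """Split a form body on raw bytes; non-ASCII payload bytes must not break parsing."""
    fields = {}
    for pair in body.split(b"&"):
        name, _, value = pair.partition(b"=")
        # Keep the longest value per name so a repeated field cannot hide a long one.
        if len(value) >= len(fields.get(name, b"")):
            fields[name] = value
    return fields

def inspect_request(raw: bytes) -> list:
    """Return findings for one raw HTTP request; an empty list means no match."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        return []
    method, target, _version = parts
    path = target.split("?", 1)[0].lower()   # case-insensitive path comparison
    if method.upper() != "POST" or path != TARGET_PATH:
        return []
    fields = parse_form(body)
    query = fields.get(b"query", b"")
    if len(query) <= MAX_QUERY_LEN:
        return []
    findings = [f"oversized query ({len(query)} bytes)"]
    if fields.get(b"spage") == b"0" and fields.get(b"indexname") == b"docs":
        findings.append("parameter pattern spage=0&indexname=docs")
    return findings

def build_request(query: bytes, method: bytes = b"POST") -> bytes:
    """Constructed sample request (not captured traffic) for exercising the check."""
    body = b"style=page&spage=0&indexname=docs&query=" + query
    return (method + b" /search/results.stm HTTP/1.1\r\nHost: sambar.test.invalid\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)

if __name__ == "__main__":
    samples = {
        "normal search": build_request(b"manual"),
        "oversized ASCII": build_request(b"A" * 4000),
        "oversized non-ASCII": build_request(b"\xe9" * 600),
    }
    for label, raw in samples.items():
        print(label, "->", inspect_request(raw) or "clean")
```

Tune MAX_QUERY_LEN against the longest legitimate search strings seen in your own traffic before alerting on it.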