[Full-disclosure] DDIVRT-2008-12-ServerView SnmpGetMibValues.exe Buffer Overflow
DDI_Vulnerability_Alert
DDI.VulnerabilityAlert at digitaldefense.net
Thu Jul 3 14:36:53 BST 2008

Title
-----
DDIVRT-2008-12-ServerView SnmpGetMibValues.exe Buffer Overflow

Severity
--------
High

Date Discovered
---------------
May 1st, 2008

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Steven James, Mike James, and r at b13$

Vulnerability Description
-------------------------
ServerView is a server management suite. Several buffer overflow
conditions exist in remotely accessible portions of the suite.
Authenticated users (by default, all users) can cause a stack-based
buffer overflow by sending a specially crafted URL to the ServerView
web interface. Successful exploitation results in the execution of
arbitrary code.

Solution Description
--------------------
Require authentication for remote users of the web interface to reduce
the number of potential malicious users.
The vendor has not yet issued a patch.

Tested Systems / Software (with versions)
------------------------------------------
ServerView 04.60.07 was tested on Windows XP. Other versions are
assumed to be vulnerable.

Vendor Contact
--------------
Name: Fujitsu Siemens
Website: http://www.fujitsu-siemens.com/
Contact Information:
Contact form -
http://support.fujitsu-siemens.com/com/support/contact/contact.html
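
A defensive log check for the condition described under Vulnerability Description, added here as an example that is not part of the original advisory: it flags requests to SnmpGetMibValues.exe whose trailing path or query-string fields are unusually long. The Common Log Format input, the 256-character threshold and the sample entries are assumptions; the advisory gives no URL path, parameter names or lengths.

```python
import re
from urllib.parse import parse_qsl, unquote

TARGET = "snmpgetmibvalues.exe"  # executable named in the advisory title
MAX_FIELD_LEN = 256              # assumed threshold; tune against normal traffic

# Request line of a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_requests(log_lines, max_len=MAX_FIELD_LEN):
    """Return [(line_no, reason)] for oversized requests to TARGET."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        raw_path, _, query = match.group("target").partition("?")
        # Decode first so percent-encoding cannot hide the file name.
        path = unquote(raw_path)
        pos = path.lower().find(TARGET)
        if pos < 0:
            continue
        # Check anything appended after the executable name plus every
        # query-string name and value (a query without "=" is a bare name).
        fields = [("<path-info>", path[pos + len(TARGET):])]
        fields += parse_qsl(query, keep_blank_values=True)
        for name, value in fields:
            longest = max(len(name), len(value))
            if longest > max_len:
                hits.append((line_no, f"{name[:16]!r}: {longest} chars"))
                break
    return hits

# Constructed sample entries; path, parameter names and addresses are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jul/2008:10:00:00 +0000] '
    '"GET /placeholder/SnmpGetMibValues.exe?a=1&b=2 HTTP/1.1" 200 512',
    '192.0.2.11 - - [03/Jul/2008:10:00:05 +0000] '
    '"GET /placeholder/index.html?q=' + "x" * 400 + ' HTTP/1.1" 200 100',
    '192.0.2.12 - - [03/Jul/2008:10:00:09 +0000] '
    '"GET /placeholder/SnmpGetMibValues%2Eexe?a=' + "A" * 400 + ' HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for line_no, reason in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: {reason}")
```
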