[<prev] [next>] [month] [year] [list]
Date: Thu, 3 Jul 2008 08:36:53 -0500
From: "DDI_Vulnerability_Alert" <DDI.VulnerabilityAlert@...italdefense.net>
To: <full-disclosure@...ts.grok.org.uk>
Subject: DDIVRT-2008-12-ServerView SnmpGetMibValues.exe
Buffer Overflow
Title
-----
DDIVRT-2008-12-ServerView SnmpGetMibValues.exe Buffer Overflow
Severity
--------
High
Date Discovered
---------------
May 1st, 2008
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Steven James, Mike James, and r@...$
Vulnerability Description
-------------------------
ServerView is a server management suite. Several buffer overflow
conditions exist in remotely-accessible portions of the suite.
Authenticated users (by default, all users) can cause a stack overflow
by sending a specially-crafted URL to the ServerView web interface.
Successful exploitation results in the execution of arbitrary code.
Solution Description
--------------------
Authenticate remote users who use the web interface to minimize
potential malicious users.
As of yet, a patch has not been issued by the vendor.
Tested Systems / Software (with versions)
------------------------------------------
ServerView 04.60.07 was tested on Windows XP. Other versions are
assumed to be vulnerable.
Vendor Contact
--------------
Name: Fujitsu Siemens
Website: http://www.fujitsu-siemens.com/
Contact Information:
Contact form -
http://support.fujitsu-siemens.com/com/support/contact/contact.html
[ CONTENT OF TYPE text/html SKIPPED ]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux