ServerView 04.60.07 suffers from a buffer overflow vulnerability in SnmpGetMibValues.exe.
4739529a2355a01e57539044a28d61099f1bb048ef59b30fee51159663a0510a

Title
-----
DDIVRT-2008-12-ServerView SnmpGetMibValues.exe Buffer Overflow

Severity
--------
High

Date Discovered
---------------
May 1st, 2008

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Steven James, Mike James, and r@b13$

Vulnerability Description
-------------------------
ServerView is a server management suite. Several buffer overflow
conditions exist in remotely-accessible portions of the suite.
Authenticated users (by default, all users) can trigger a stack-based
buffer overflow by sending a specially crafted URL to the ServerView
web interface. Successful exploitation results in the execution of
arbitrary code.

Solution Description
--------------------
Require authentication for remote users of the web interface to limit
exposure to potentially malicious users.
The vendor has not yet issued a patch.
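With no patch available, web server logs can be triaged for oversized requests that reach the vulnerable component. The Python script below is an added example, not part of the original advisory or any vendor code; the Common Log Format input, the 256-character threshold, the /example/ path and the parameter name p are assumptions, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

TARGET = "snmpgetmibvalues.exe"  # vulnerable component named in the advisory
MAX_TOKEN_LEN = 256              # assumed triage threshold; tune per site

# Assumed input: Common Log Format
# host ident user [time] "METHOD url PROTO" status size
CLF = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def triage(lines, max_len=MAX_TOKEN_LEN):
    """Return one finding per request to TARGET carrying an oversized token."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = CLF.match(line)
        if not m:
            continue  # not a parseable request line
        host, user, _method, url, status = m.groups()
        parts = urlsplit(url)
        if TARGET not in parts.path.lower():
            continue  # request does not touch the component
        # Measure percent-decoded names and values; keep_blank_values
        # also covers a query such as "?AAAA..." that has no "=".
        pairs = parse_qsl(parts.query, keep_blank_values=True)
        longest = max((len(s) for pair in pairs for s in pair), default=0)
        if longest > max_len:
            findings.append({
                "line": lineno,
                "client": host,
                "authenticated": user != "-",  # "-" means no login recorded
                "status": int(status),
                "longest_token": longest,
            })
    return findings

# Constructed sample log lines (documentation addresses, hypothetical path).
_PREFIX = '[01/May/2008:10:00:00 +0000] "GET '
SAMPLE = [
    '192.0.2.10 - alice ' + _PREFIX + '/example/SnmpGetMibValues.exe?p=srv01 HTTP/1.0" 200 512',
    '192.0.2.66 - - ' + _PREFIX + '/example/SnmpGetMibValues.exe?p=' + "A" * 600 + ' HTTP/1.0" 500 0',
    '192.0.2.10 - alice ' + _PREFIX + '/example/index.html?q=' + "B" * 600 + ' HTTP/1.0" 200 100',
    '192.0.2.77 - - ' + _PREFIX + '/example/snmpgetmibvalues.exe?p=' + "%41" * 300 + ' HTTP/1.0" 200 0',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Findings with "authenticated" set to False show requests that reached the component without a recorded login, which is the default exposure the advisory describes.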
Tested Systems / Software (with versions)
------------------------------------------
ServerView 04.60.07 was tested on Windows XP. Other versions are
assumed to be vulnerable.

Vendor Contact
--------------
Name: Fujitsu Siemens
Website: https://www.fujitsu-siemens.com/
Contact Information:
Contact form -
https://support.fujitsu-siemens.com/com/support/contact/contact.html