Full Disclosure mailing list archives

DDIVRT-2008-12-ServerView SnmpGetMibValues.exe Buffer Overflow
From: "DDI_Vulnerability_Alert" <DDI.VulnerabilityAlert () digitaldefense net>
Date: Thu, 3 Jul 2008 08:36:53 -0500



Date Discovered


May 1st, 2008


Discovered By


Digital Defense, Inc. Vulnerability Research Team

Credit: Steven James, Mike James, and r () b13$


Vulnerability Description


ServerView is a server management suite.  Several buffer overflow
conditions exist in remotely-accessible portions of the suite.
Authenticated users (by default, all users) can cause a stack overflow
by sending a specially-crafted URL to the ServerView web interface.


Successful exploitation results in the execution of arbitrary code.


Solution Description


Require authentication for remote users of the web interface to
minimize the number of potentially malicious users.


As of yet, a patch has not been issued by the vendor.


Tested Systems / Software (with versions)


ServerView 04.60.07 was tested on Windows XP.  Other versions are
assumed to be vulnerable.


Vendor Contact


Name: Fujitsu Siemens

Website: http://www.fujitsu-siemens.com/

Contact Information: 

Contact form -


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
