

DDIVRT-2008-12-ServerView SnmpGetMibValues.exe Buffer Overflow






Date Discovered


May 1st, 2008


Discovered By


Digital Defense, Inc. Vulnerability Research Team

Credit: Steven James, Mike James, and [EMAIL PROTECTED]


Vulnerability Description


ServerView is a server management suite.  Several buffer overflow
conditions exist in remotely-accessible portions of the suite.
Authenticated users (by default, all users) can cause a stack overflow
by sending a specially-crafted URL to the ServerView web interface.


Successful exploitation results in the execution of arbitrary code.


Solution Description


Require authentication for remote users of the web interface to limit
the number of potentially malicious users.


As of yet, a patch has not been issued by the vendor.
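
With no patch available, one compensating check is to review web access
logs for abnormal requests to SnmpGetMibValues.exe. The script below is an
added example, not part of the original advisory. It assumes Common Log
Format access logs; the 512-byte query limit, the /cgi-bin/ path, the
parameter names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Assumptions (not from the advisory): Common Log Format access logs and a
# 512-byte limit on the decoded query string; tune both for your deployment.
TARGET = "snmpgetmibvalues.exe"
MAX_QUERY_BYTES = 512
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3})'
)


def inspect_line(line):
    """Return a finding dict for a suspicious request to the target, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("url"))
    if not parts.path.lower().endswith("/" + TARGET):
        return None
    raw = unquote_to_bytes(parts.query)  # decode %XX so encoded bytes are counted once
    reasons = []
    if len(raw) > MAX_QUERY_BYTES:
        reasons.append("query of %d bytes exceeds %d" % (len(raw), MAX_QUERY_BYTES))
    if any(b < 0x20 or b > 0x7E for b in raw):
        reasons.append("non-printable bytes in query")
    if not reasons:
        return None
    return {"src": m.group("src"), "status": m.group("status"), "reasons": reasons}


def scan(lines):
    """Collect findings from an iterable of access-log lines."""
    return [f for f in map(inspect_line, lines) if f]


# Constructed sample lines (not captured traffic); path and parameters are made up.
PREFIX = ' - user [01/May/2008:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    "192.0.2.10" + PREFIX + '/cgi-bin/SnmpGetMibValues.exe?host=srv1&oid=1.3.6.1 HTTP/1.1" 200 512',
    "192.0.2.77" + PREFIX + "/cgi-bin/SnmpGetMibValues.exe?host=" + "A" * 2000 + ' HTTP/1.1" 500 0',
    "192.0.2.78" + PREFIX + '/cgi-bin/SnmpGetMibValues.exe?host=srv1%01%ff HTTP/1.1" 500 0',
    "192.0.2.11" + PREFIX + "/index.html?" + "B" * 2000 + ' HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["src"], finding["status"], "; ".join(finding["reasons"]))
```
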


Tested Systems / Software (with versions)


ServerView 04.60.07 was tested on Windows XP.  Other versions are
assumed to be vulnerable.


Vendor Contact


Name: Fujitsu Siemens

Website: http://www.fujitsu-siemens.com/

Contact Information: 

Contact form -

