Sunway ForceControl SNMP NetDBServer Signed Integer Buffer Overflow

ID SAINT:F895EB5910EA2FB222167E80FB5CB54B
Type saint
Reporter SAINT Corporation
Modified 2011-09-29T00:00:00


Added: 09/29/2011
BID: 49747
OSVDB: 75798


Sunway ForceControl is a Chinese SCADA/HMI software application widely used in China to help run weapons systems, utilities and chemical plants. It is also used to a lesser extent in other countries, including the US. SNMP NetDBServer is one of the components of this application.


SNMP NetDBServer is vulnerable to a stack buffer overflow as a result of a negative **Length** value being sign-extended into a long integer and then used as an unsigned value in a memcpy command, thereby overwriting the stack. This vulnerability can be exploited by a malicious user sending a specially crafted request to SNMP NetDBServer on port 2001/tcp.


Contact the vendor and apply a patch when one becomes available.




Exploit works on Sunway ForceControl 6.1 sp3 with Extra on Windows Server 2003 SP2 with KB956802 and KB2393802.


Windows Server 2003