SNMPc Network Manager SNMP TRAP community string buffer overflow

2008-07-21T00:00:00
ID SAINT:FF586D1AB91AF76798AD2541925578C6
Type saint
Reporter SAINT Corporation
Modified 2008-07-21T00:00:00

Description

Added: 07/21/2008
CVE: CVE-2008-2214
BID: 28990
OSVDB: 44885

Background

SNMPc Network Manager is a distributed network management and monitoring solution.

Problem

A buffer overflow vulnerability in SNMPc Network Manager allows remote attackers to execute arbitrary commands by sending an SNMP TRAP message with a long, specially crafted community string.

Resolution

Upgrade to SNMPc Network Manager version 7.1.1 or higher.

References

<http://archives.neohapsis.com/archives/bugtraq/2008-04/0361.html>

Limitations

Exploit works on SNMPc Network Manager 7.1.0. It may take longer than usual to establish the connection after successful exploitation.

Platforms

Windows 2000
Windows Server 2003