APP: Sunway Forcecontrol SNMP NetDBServer.exe Overflow
This signature detects attempts to exploit a known flaw in Sunway Forcecontrol SNMP NetDBServer. A stack based buffer overflow has been found in the SNMP NetDBServer service of Sunway Forcecontrol <= 6.1 sp3. The overflow is triggered when sending an overly long string to the listening service on port 2001. A successful attack may result in arbitrary code execution.
Extended Description
Sunway ForceControl is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of the affected application, retrieve arbitrary files outside of the server root directory, or cause denial-of-service conditions; other attacks may also be possible. Sunway ForceControl versions 6.1 sp3 and prior are vulnerable.
Affected Products
Sunway forcecontrol,Sunway forcecontrol
References
BugTraq: 49747
CVE: CVE-2011-2960
URL: http://aluigi.altervista.org/adv/forcecontrol_1-adv.txt
Short Name
SCADA:SUNWAY-FORCECONTROL-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
SCADA
Keywords
CVE-2011-2960 Forcecontrol NetDBServer.exe Overflow SNMP Sunway bid:49747
Release Date
10/31/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
TCP/2001,2006,8800
False Positive
Unknown
Vendors
Sunway
CVSS Score
10.0