SNMPc Network Manager SNMP TRAP community string buffer overflow

Added: 07/21/2008
CVE: CVE-2008-2214
BID: 28990
OSVDB: 44885

Background

SNMPc Network Manager is a distributed network management and monitoring solution.

Problem

A buffer overflow vulnerability in SNMPc Network Manager allows remote attackers to execute arbitrary commands by sending an SNMP TRAP message with a long, specially crafted community string.

Resolution

Upgrade to SNMPc Network Manager version 7.1.1 or higher.

References

http://archives.neohapsis.com/archives/bugtraq/2008-04/0361.html

Limitations

Exploit works on SNMPc Network Manager 7.1.0. It may take longer than usual to establish the connection after successful exploitation.

Platforms

Windows 2000
Windows Server 2003

Back to exploit index