PT-2011-4210 · Sunway · Sunway Forcecontrol

Publicado

2011-07-29

Atualizado

2011-08-01

CVE-2011-2960

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Sunway ForceControl versions 6.1 SP1, SP2, and SP3

Description The issue is a heap-based buffer overflow in the httpsvr.exe version 6.0.5.3, which can be exploited by remote attackers using a crafted URL. This can cause a denial of service, resulting in a crash, and potentially allow the execution of arbitrary code.

Recommendations For Sunway ForceControl versions 6.1 SP1, SP2, and SP3, consider restricting access to the httpsvr.exe until a patch is available. As a temporary workaround, avoid using crafted URLs that could trigger the buffer overflow in the httpsvr.exe. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2011-2960

Produtos afetados

Sunway Forcecontrol

PT-2011-4210 · Sunway · Sunway Forcecontrol

CVE-2011-2960

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8