Mnet Soft Factory NodeManager Professional SNMP Trap Handling Buffer Overflow Vulnerability

Bugtraq ID:	12283
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 17 2005 12:00AM
Updated:	Jan 17 2005 12:00AM
Credit:	Discovery of this vulnerability is credited to Tan Chew Keong <[email protected]>.
Vulnerable:	Mnet Soft Factory NodeManager Professional 2.0
Not Vulnerable:	Mnet Soft Factory NodeManager Professional 2.0.1

Mnet Soft Factory NodeManager Professional SNMP Trap Handling Buffer Overflow Vulnerability

Mnet Soft Factory NodeManager Professional is reported prone to a remote buffer overflow vulnerability. The issue exists due to a lack of sufficient boundary checks performed on SNMP LinkDown-Trap variable-bindings field data.

A remote attacker may exploit this vulnerability to execute arbitrary code in the context of the user that is running the affected software.

Mnet Soft Factory NodeManager Professional SNMP Trap Handling Buffer Overflow Vulnerability

The following exploit has been made available:

• /data/vulnerabilities/exploits/nodemgrPOC.cpp

Mnet Soft Factory NodeManager Professional SNMP Trap Handling Buffer Overflow Vulnerability

Solution:
The vendor has released NodeManager Professional Version 2.01 to address this vulnerability:

Mnet Soft Factory NodeManager Professional SNMP Trap Handling Buffer Overflow Vulnerability

References:

• NodeManager Professional Homepage (Mnet Soft Factory)
  
• [SIG^2 G-TEC] NodeManager Professional V2.00 Buffer Overflow Vulnerability (Tan Chew Keong )