Sign-up

ID

VAR-201107-0261


CVE

CVE-2011-2961


TITLE

Sunwayland pNetPower AngelServer.exe Heap Buffer Overflow Vulnerability

Trust: 0.8

sources: IVD: c1f3013a-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201107-469

DESCRIPTION

Heap-based buffer overflow in AngelServer.exe 6.0.11.3 in Sunway pNetPower allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDP packet. Pnetpower is prone to a denial-of-service vulnerability. ---------------------------------------------------------------------- Frost & Sullivan 2011 Report: Secunia Vulnerability Research \"Frost & Sullivan believes that Secunia continues to be a major player in the vulnerability research market due to its diversity of products that provide best-in-class coverage, quality, and usability.\" This is just one of the key factors that influenced Frost & Sullivan to select Secunia over other companies. Read the report here: http://secunia.com/products/corporate/vim/fs_request_2011/ ---------------------------------------------------------------------- TITLE: Sunway pNetPower AngelServer Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA44990 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44990/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44990 RELEASE DATE: 2011-06-20 DISCUSS ADVISORY: http://secunia.com/advisories/44990/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44990/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44990 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Sunway pNetPower, which can be exploited by malicious people to compromise a vulnerable system. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 6.1. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: The vendor credits Dillon Beresford, NSS Labs. ORIGINAL ADVISORY: http://www.sunwayland.com.cn/news_info_.asp?Nid=3593 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.16

sources: NVD: CVE-2011-2961 // JVNDB: JVNDB-2011-003490 // BID: 78451 // IVD: c1f3013a-2354-11e6-abef-000c29c66e3d // PACKETSTORM: 102452

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: c1f3013a-2354-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor:sunwaylandmodel:pnetpowerscope:eqversion:*

Trust: 1.0

vendor:sunway forcecontrolmodel:pnetpowerscope: - version: -

Trust: 0.8

vendor:sunwaylandmodel:pnetpowerscope: - version: -

Trust: 0.6

vendor:sunwaylandmodel:pnetpowerscope:eqversion:0

Trust: 0.3

vendor:pnetpowermodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: c1f3013a-2354-11e6-abef-000c29c66e3d // BID: 78451 // JVNDB: JVNDB-2011-003490 // CNNVD: CNNVD-201107-469 // NVD: CVE-2011-2961

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-2961
value: HIGH

Trust: 1.0

NVD: CVE-2011-2961
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201107-469
value: CRITICAL

Trust: 0.6

IVD: c1f3013a-2354-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2011-2961
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: c1f3013a-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: c1f3013a-2354-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2011-003490 // CNNVD: CNNVD-201107-469 // NVD: CVE-2011-2961

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2011-003490 // NVD: CVE-2011-2961

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201107-469

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: c1f3013a-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201107-469

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-003490

PATCH
title:Top Pageurl:http://www.sunwayland.com.cn/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2011-003490

EXTERNAL IDS
db:NVDid:CVE-2011-2961
Trust: 2.9
db:ICS CERTid:ICSA-11-167-01
Trust: 2.7
db:SECTRACKid:1025673
Trust: 1.9
db:CNVDid:CNVD-2011-05348
Trust: 1.9
db:SECUNIAid:44990
Trust: 1.7
db:OSVDBid:73123
Trust: 1.6
db:CNNVDid:CNNVD-201107-469
Trust: 0.8
db:JVNDBid:JVNDB-2011-003490
Trust: 0.8
db:BIDid:78451
Trust: 0.3
db:IVDid:C1F3013A-2354-11E6-ABEF-000C29C66E3D
Trust: 0.2
db:PACKETSTORMid:102452
Trust: 0.1
sources:
            
            
            IVD: c1f3013a-2354-11e6-abef-000c29c66e3d // 
            
            
            
            BID: 78451 // 
            
            
            
            JVNDB: JVNDB-2011-003490 // 
            
            
            
            PACKETSTORM: 102452 // 
            
            
            
            CNNVD: CNNVD-201107-469 // 
            
            
            
            NVD: CVE-2011-2961

REFERENCES
url:http://www.us-cert.gov/control_systems/pdf/icsa-11-167-01.pdf
Trust: 2.7
url:http://www.sunwayland.com.cn/news_info_.asp?nid=3593
Trust: 2.0
url:http://securitytracker.com/id?1025673
Trust: 1.9
url:http://www.cnvd.org.cn/vulnerability/cnvd-2011-05348
Trust: 1.9
url:http://www.osvdb.org/73123
Trust: 1.6
url:http://secunia.com/advisories/44990
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-2961
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2961
Trust: 0.8
url:http://secunia.com/products/corporate/vim/fs_request_2011/
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/advisories/44990/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/44990/#comments
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=44990
Trust: 0.1
sources:
            
            
            BID: 78451 // 
            
            
            
            JVNDB: JVNDB-2011-003490 // 
            
            
            
            PACKETSTORM: 102452 // 
            
            
            
            CNNVD: CNNVD-201107-469 // 
            
            
            
            NVD: CVE-2011-2961

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 78451

SOURCES
db:IVDid:c1f3013a-2354-11e6-abef-000c29c66e3d
db:BIDid:78451
db:JVNDBid:JVNDB-2011-003490
db:PACKETSTORMid:102452
db:CNNVDid:CNNVD-201107-469
db:NVDid:CVE-2011-2961

LAST UPDATE DATE
2025-04-11T22:59:26.858000+00:00

SOURCES UPDATE DATE
db:BIDid:78451date:2011-07-29T00:00:00
db:JVNDBid:JVNDB-2011-003490date:2011-12-22T00:00:00
db:CNNVDid:CNNVD-201107-469date:2011-08-02T00:00:00
db:NVDid:CVE-2011-2961date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:c1f3013a-2354-11e6-abef-000c29c66e3ddate:2011-07-29T00:00:00
db:BIDid:78451date:2011-07-29T00:00:00
db:JVNDBid:JVNDB-2011-003490date:2011-12-22T00:00:00
db:PACKETSTORMid:102452date:2011-06-20T02:03:37
db:CNNVDid:CNNVD-201107-469date:2011-07-29T00:00:00
db:NVDid:CVE-2011-2961date:2011-07-29T19:55:04.093