CVE-2011-2960
Published 2011-07-29
CVE-2011-2960: Heap-based buffer overflow in httpsvr.exe 6.0.5.3 in Sunway ForceControl 6.1 SP1, SP2, and SP3 allows remote attackers to cause a denial of service (crash) and…
Priority P260 · critical · CVSS 2.0 score 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 17.57% (96.8th percentile)
Heap-based buffer overflow in httpsvr.exe 6.0.5.3 in Sunway ForceControl 6.1 SP1, SP2, and SP3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted URL.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sunwayland | forcecontrol | — | — |
Detection & IOCs (extracted from sources)
- bytes: \xeb\x06\x90\x90
- bytes: 0x719737FA
- Detect oversized GET request URLs targeting httpsvr.exe on port 80; the exploit sends a GET request with a URL payload of ~4058+ bytes (1599 'H' chars + SEH overwrite + shellcode).
- Alert on HTTP GET requests where the URI length exceeds 1599 bytes directed at Sunway ForceControl httpsvr.exe (port 80); this is the minimum buffer size before the SEH overwrite begins.
- Look for the SEH overwrite gadget address 0x719737FA (pop/pop/ret) within the raw TCP stream of HTTP requests to port 80 as a high-confidence exploit indicator.
- The exploit uses a short JMP-over stub (\xeb\x06\x90\x90) immediately before the SEH handler address; detect this 4-byte sequence in HTTP URI payloads.
- The exploit targets httpsvr.exe version 6.0.5.3 specifically within Sunway ForceControl 6.1 SP1, SP2, and SP3; the SEH gadget address 0x719737FA is version/build-specific and may not apply to other builds.
- The exploit hardcodes port 80 for the HTTP server; verify the actual listening port of httpsvr.exe in the target environment as it may differ.
CVSS provenance
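| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 7.8 | HIGH | — |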
GHSA
GHSA-h6jm-wj6c-j44v: Heap-based buffer overflow in httpsvr
ghsa_unreviewed·2022-05-17
CVE-2011-2960 [HIGH] CWE-119 GHSA-h6jm-wj6c-j44v: Heap-based buffer overflow in httpsvr
Red Hat
CVE-2011-2184: The key_replace_session_keyring function in security/keys/process_keys
vendor_redhat·CVSS 7.8
CVE-2011-2184 [HIGH] CVE-2011-2184: The key_replace_session_keyring function in security/keys/process_keys
The key_replace_session_keyring function in security/keys/process_keys.c in the Linux kernel before 2.6.39.1 does not initialize a certain structure member, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a KEYCTL_SESSION_TO_PARENT argument to the keyctl function, a different vulnerability than CVE-2010-2960.
Statement: Not vulnerable. This issue did not affect the versions of Linux kernel as
shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as
they did not backport the upstream commit 47a150edc2a that introduced this issue.
No detection rules found.
No writeups or analysis indexed.
- http://secunia.com/advisories/45033
- http://securitytracker.com/id?1025672
- http://www.cnvd.org.cn/vulnerability/CNVD-2011-05347
- http://www.osvdb.org/73124
- http://www.sunwayland.com.cn/news_info_.asp?Nid=3593
- http://www.us-cert.gov/control_systems/pdf/ICSA-11-167-01.pdf
Published: 2011-07-29