Email us! Subscribe to Liquidmatrix!

SAP DB Web Server Buffer Overflow Vulnerability

Author: Dave Lewis
July 6, 2007 at 4:37 pm · Filed under Vulnerability

Mark Litchfield, from NGSSoftware, has done it again. This time he has discovered a vulnerability in SAP DB.

Description:
Mark Litchfield has reported a vulnerability in SAP DB, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within waHTTP.exe and can be exploited to cause a stack-based buffer overflow via a specially crafted HTTP request to default port 9999/TCP.

Successful exploitation allows execution of arbitrary code, but requires that SAP DB is installed to run on its own web server.

Solution:
Update to the latest version.

Provided and/or discovered by:
Mark Litchfield, NGSSoftware

Original Advisory:
http://www.ngssoftware.com/advisories…-in-sap-db-web-server-stack-overflow/

Article Link

Tags: , ,

Tag It:
  • Digg
  • del.icio.us
  • Slashdot
  • Technorati
  • SphereIt
  • StumbleUpon
  • Fark
  • YahooMyWeb
  • Furl
  • Spurl
  • Ma.gnolia
  • NewsVine
Related Articles:

  • IBM Lotus Domino XSS and Buffer Overflow Vulnerabilities
  • Microsoft Windows Vector Markup Language Buffer Overflow
  • WinDVD ActiveX Control Buffer Overflow
  • Yahoo! Messenger Buffer Overflow
  • Ask Toolbar ActiveX Control Buffer Overflow

    • Leave a Comment