Title: SAP DB waecho Service Long HTTP Request Overflow
Info
Dates
Disclosure: Nov 17, 2003
Discovery: Nov 17, 2003
Exploit: Unknown
Solution: Unknown
Description
A remote overflow exists in SAP DB Version 7.4.03.30 (and earlier). By default, the web-tools installation is vulnerable to a buffer overflow in the waecho service. By sending a long HTTP request to the waecho service, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Classification
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution
Upgrade to version 7.4.03.30 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.