
Test ID: 1.3.6.1.4.1.25623.1.0.100541
Category: Databases
Title: SAP MaxDB 'serv.exe' Unspecified RCE Vulnerability (1409425)
Summary: SAP MaxDB is prone to an unspecified remote code execution (RCE) vulnerability because it fails to sufficiently validate user-supplied input.
Description: Summary:
SAP MaxDB is prone to an unspecified remote code execution (RCE)
vulnerability because it fails to sufficiently validate user-supplied input.

Vulnerability Insight:
Stack-based buffer overflow in serv.exe allows remote attackers
to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210.

Vulnerability Impact:
An attacker can leverage this issue to execute arbitrary code
with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service
condition.

Affected Software/OS:
SAP MaxDB versions 7.4.3.32 and 7.6.0.37 through 7.6.06 are
known to be affected.

Solution:
Vendor updates are available through SAP note 1409425. Please
contact the vendor for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-1185
BugTraq ID: 38769
http://www.securityfocus.com/bid/38769
Bugtraq: 20100316 ZDI-10-032: SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/510125/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-032/
http://osvdb.org/63047
http://www.securitytracker.com/id?1023719
http://secunia.com/advisories/38955
http://www.vupen.com/english/advisories/2010/0643
XForce ISS Database: maxdb-serv-bo(56950)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56950
Copyright: Copyright (C) 2010 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.