[NEWS] SAP-DB/MaxDB WebDBM Buffer Overflow



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com



SAP-DB/MaxDB WebDBM Buffer Overflow
------------------------------------------------------------------------


SUMMARY

A connection from a WebDBM Client to the DBM Server causes a buffer
overflow when the given database name is too large. This can result in the
execution of arbitrary code in the context of the database server.

DETAILS

SAP-DB/MaxDB is a heavy-duty, SAP-certified open source database for OLTP
and OLAP usage which offers high reliability, availability, scalability
and a very comprehensive feature set. It is targeted for large mySAP
Business Suite environments and other applications that require maximum
enterprise-level database functionality and complements the MySQL database
server.

A remotely exploitable vulnerability exists in MaxDB's WebDBM. Due to an
input validation error, it is possible to execute arbitrary code with the
privileges of the 'wahttp' process by sending a malformed HTTP request.
Authentication is not required for successful exploitation to occur.
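
The advisory attributes the flaw to an input validation error on the database name supplied in the request. As an added illustration (not MaxDB, Symantec or SecuriTeam code), the C function below shows the kind of check whose absence produces this class of overflow: it rejects an over-long name instead of copying it into a fixed buffer. The 32-byte limit, the allowed character set and all identifiers are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Assumed limit for illustration; the advisory does not state the real buffer size. */
#define DB_NAME_MAX 32

enum name_status { NAME_OK = 0, NAME_EMPTY, NAME_TOO_LONG, NAME_BAD_CHAR };

/* Conservative character set (assumption: letters, digits and '_'). */
static int name_char_ok(unsigned char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '_';
}

/*
 * Copy a request-supplied database name into a fixed-size buffer.
 * src is not trusted to be NUL-terminated; src_len comes from the HTTP parser.
 * The length is checked before any byte is written past dst[0].
 */
enum name_status copy_db_name(char *dst, size_t dst_size,
                              const char *src, size_t src_len)
{
    size_t i;

    if (dst_size == 0)
        return NAME_TOO_LONG;
    dst[0] = '\0';                 /* fail closed: empty string on any error */

    if (src == NULL || src_len == 0)
        return NAME_EMPTY;
    /* Reject rather than truncate: a truncated name could match another database. */
    if (src_len > DB_NAME_MAX || src_len >= dst_size)
        return NAME_TOO_LONG;

    for (i = 0; i < src_len; i++)
        if (!name_char_ok((unsigned char)src[i]))
            return NAME_BAD_CHAR;

    memcpy(dst, src, src_len);     /* bounded by the checks above */
    dst[src_len] = '\0';
    return NAME_OK;
}
```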

Vendor Response:
The above vulnerability has been fixed in the latest release of the
product, MaxDB 7.6.00.31.

Licensed and evaluation versions of MaxDB are available for download in
the download section of www.mysql.com/maxdb:
http://dev.mysql.com/downloads/maxdb/7.6.00.html

If there are any further questions about this statement, please contact
mysql-MaxDB support.

Please note that SAP customers receive their downloads via the SAP Service
Marketplace www.service.sap.com and must not use downloads from the
addresses above for their SAP solutions.

Recommendation:
The vendor has released MaxDB 7.6.00.31 to address this issue. Users
should contact the vendor to obtain the appropriate upgrade.

As a temporary workaround the SAP-DB WWW Service should either be disabled
or have access to it restricted using appropriate network or client based
access controls.

CVE Information:
CVE-2006-4305
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4305


ADDITIONAL INFORMATION

The information has been provided by Oliver Karow
(Oliver_Karow@xxxxxxxxxxxx).
The original article can be found at:
http://www.symantec.com/enterprise/research/SYMSA-2006-009.txt


