Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0939

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2003-0939
Last Modified 05 Sep 2008 04:35:36
Published 15 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0939

Summary

eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver (aka serv.exe) process on TCP port 7269, which prevents the server from NULL terminating the string and leads to a buffer overflow.

Vulnerable Systems

Application

  • Sap Db 7.4.03.27


References

ATSTAKE - A111703-1

CONFIRM - http://www.sapdb.org/7.4/new_relinfo.txt


Last Updated: 27 May 2016 10:38:06