Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2012-4341
Last Modified: 16 Aug 2012 11:54:50
Published: 15 Aug 2012 05:55:05
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-4341

Summary

Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.

Vulnerable Systems

Application

  • SAP NetWeaver ABAP 7.0

  • SAP NetWeaver ABAP 7.02

  • SAP NetWeaver ABAP 7.03


References

MISC - https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840

MISC - https://service.sap.com/sap/support/notes/1649838

MISC - http://www.zerodayinitiative.com/advisories/ZDI-12-112/

MISC - http://www.zerodayinitiative.com/advisories/ZDI-12-111/

MISC - http://www.zerodayinitiative.com/advisories/ZDI-12-104/

SECTRACK - 1027211

SECUNIA - 49744

CONFIRM - http://scn.sap.com/docs/DOC-8218


Last Updated: 27 May 2016 10:49:40