SAP RFC_Start_Gui RFC Function Unspecified Buffer Overflow Vulnerability
BID:23304
Info
SAP RFC_Start_Gui RFC Function Unspecified Buffer Overflow Vulnerability
| Bugtraq ID: | 23304 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 04 2007 12:00AM |
| Updated: | Apr 05 2007 05:12PM |
| Credit: | Mariano Nuñez Di Croce reported this issue. |
| Vulnerable: |
SAP RFC Library 7.00 SAP RFC Library 6.40 |
| Not Vulnerable: | |
Discussion
SAP RFC_Start_Gui RFC Function Unspecified Buffer Overflow Vulnerability
The SAP RFC Library is prone to an unspecified buffer-overflow vulnerability because it fails to perform adequate bounds-checking on user-supplied data before copying it to an insufficiently sized buffer.
An attacker could exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
The SAP RFC Library is prone to an unspecified buffer-overflow vulnerability because it fails to perform adequate bounds-checking on user-supplied data before copying it to an insufficiently sized buffer.
An attacker could exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Exploit / POC
SAP RFC_Start_Gui RFC Function Unspecified Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
SAP RFC_Start_Gui RFC Function Unspecified Buffer Overflow Vulnerability
Solution:
The vendor has released updates to address this issue. More information can be found on SAP Note 1003908. Please see the references for more information.
Solution:
The vendor has released updates to address this issue. More information can be found on SAP Note 1003908. Please see the references for more information.
References
SAP RFC_Start_Gui RFC Function Unspecified Buffer Overflow Vulnerability
References:
References:
- SAP Homepage (SAP)
- SAP RFC_START_GUI RFC Function Buffer Overflow (CYBSEC )