SAP RFC Library System_Create_Instance Function Buffer Overflow Vulnerability
BID:23307
Info
SAP RFC Library System_Create_Instance Function Buffer Overflow Vulnerability
| Bugtraq ID: | 23307 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 04 2007 12:00AM |
| Updated: | Apr 05 2007 07:32PM |
| Credit: | Victor Montero and Gustavo Kunst are credited with the discovery of this issue. |
| Vulnerable: |
SAP RFC Library 7.00 SAP RFC Library 6.40 |
| Not Vulnerable: | |
Discussion
SAP RFC Library System_Create_Instance Function Buffer Overflow Vulnerability
SAP RFC Library is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer.
Few details regarding this issue are currently available. This BID will be updated as more information emerges.
An attacker can exploit this issue to execute arbitrary commands over external RFC servers. Failed attempts will likely cause denial-of-service conditions.
SAP RFC Library is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer.
Few details regarding this issue are currently available. This BID will be updated as more information emerges.
An attacker can exploit this issue to execute arbitrary commands over external RFC servers. Failed attempts will likely cause denial-of-service conditions.
Exploit / POC
SAP RFC Library System_Create_Instance Function Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
SAP RFC Library System_Create_Instance Function Buffer Overflow Vulnerability
Solution:
The vendor has released fixes to address this issue. Please contact the vendor for information on how to obtain and apply these fixes.
More details can be found in SAP Note 1003910.
Solution:
The vendor has released fixes to address this issue. Please contact the vendor for information on how to obtain and apply these fixes.
More details can be found in SAP Note 1003910.
References
SAP RFC Library System_Create_Instance Function Buffer Overflow Vulnerability
References:
References: