
Test ID: 1.3.6.1.4.1.25623.1.0.100541
Category: Databases
Title: SAP MaxDB 'serv.exe' Unspecified RCE Vulnerability (1409425)
Summary: SAP MaxDB is prone to an unspecified remote code execution (RCE) vulnerability because it fails to sufficiently validate user-supplied input.
Description:
Summary:
SAP MaxDB is prone to an unspecified remote code execution (RCE)
vulnerability because it fails to sufficiently validate user-supplied input.

Vulnerability Insight:
Stack-based buffer overflow in serv.exe allows remote attackers
to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210.

Vulnerability Impact:
An attacker can leverage this issue to execute arbitrary code
with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service
condition.

Affected Software/OS:
SAP MaxDB versions 7.4.3.32 and 7.6.0.37 through 7.6.06 are
known to be affected.

Solution:
Vendor updates are available through SAP note 1409425. Please
contact the vendor for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-1185
BugTraq ID: 38769
http://www.securityfocus.com/bid/38769
Bugtraq: 20100316 ZDI-10-032: SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability
http://www.securityfocus.com/archive/1/510125/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-10-032/
http://osvdb.org/63047
http://www.securitytracker.com/id?1023719
http://secunia.com/advisories/38955
http://www.vupen.com/english/advisories/2010/0643
XForce ISS Database: maxdb-serv-bo(56950)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56950
Copyright: Copyright (C) 2010 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.