MaxDB Web Agent WebDAV sapdbwa_GetUserData() Function Remote DoS

2005-01-19T09:28:57
ID OSVDB:13085
Type osvdb
Reporter OSVDB
Modified 2005-01-19T09:28:57

Description

Vulnerability Description

MaxDB contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted request is sent to the WEBDAV handler code which triggers a null pointer dereference in the sapdbwa_GetUserData() function, and will result in loss of availability for the service.

Solution Description

Upgrade to version 7.5.00.23 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

MaxDB contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted request is sent to the WEBDAV handler code which triggers a null pointer dereference in the sapdbwa_GetUserData() function, and will result in loss of availability for the service.

References:

Vendor URL: http://www.mysql.com/products/maxdb/ Security Tracker: 1012948 Secunia Advisory ID:13917 Related OSVDB ID: 13086 Other Advisory URL: http://www.idefense.com/application/poi/display?id=187&type=vulnerabilities Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0624.html ISS X-Force ID: 18986 CVE-2005-0081