// For flags

CVE-2010-1185

SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. NOTE: some of these details are obtained from third party information.

Desbordamiento de búfer basado en pila en serv.exe de SAP MaxDB v7.4.3.32, y v7.6.0.37 hasta la v7.6.06. Permite a atacantes remotos ejecutar código de su elección a través de un parámetro de longitud inválido en un paquete de "handshake" (establecimiento de conexión) al puerto TCP 7210. NOTA: algunos de estos detalles han sido obtenidos de información de terceras partes.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP MaxDB. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the serv.exe process which listens by default on TCP port 7210. The process trusts a value from a handshake packet and uses it as a length when copying data to the stack. If provided a malicious value and packet data, this can be leveraged to execute arbitrary code under the context of the SYSTEM user.

*Credits: AbdulAziz Hariri of Insight Technologies
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-03-16 CVE Published
  • 2010-03-26 First Exploit
  • 2010-03-29 CVE Reserved
  • 2024-07-01 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sap
Search vendor "Sap"
Maxdb
Search vendor "Sap" for product "Maxdb"
7.4.3.32
Search vendor "Sap" for product "Maxdb" and version "7.4.3.32"
-
Affected
Sap
Search vendor "Sap"
Maxdb
Search vendor "Sap" for product "Maxdb"
7.6.0.37
Search vendor "Sap" for product "Maxdb" and version "7.6.0.37"
-
Affected
Sap
Search vendor "Sap"
Maxdb
Search vendor "Sap" for product "Maxdb"
7.6.06
Search vendor "Sap" for product "Maxdb" and version "7.6.06"
-
Affected