CVE-2010-1185
SAP MaxDB Malformed Handshake Request Remote Code Execution Vulnerability
Public Exploits: 2
Exploited in Wild: -
Descriptions
Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. NOTE: some of these details are obtained from third party information.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP MaxDB. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the serv.exe process which listens by default on TCP port 7210. The process trusts a value from a handshake packet and uses it as a length when copying data to the stack. If provided a malicious value and packet data, this can be leveraged to execute arbitrary code under the context of the SYSTEM user.
Timeline
- 2010-03-16 CVE Published
- 2010-03-26 First Exploit
- 2010-03-29 CVE Reserved
- 2024-07-01 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
References (9)
URL | Tag | Source |
---|---|---|
http://osvdb.org/63047 | Vdb Entry | |
http://www.securityfocus.com/archive/1/510125/100/0/threaded | Mailing List | |
http://www.securitytracker.com/id?1023719 | Vdb Entry | |
http://www.zerodayinitiative.com/advisories/ZDI-10-032 | X_refsource_misc | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/56950 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/11886 | 2010-03-26 | |
http://www.securityfocus.com/bid/38769 | 2024-08-07 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/38955 | 2018-10-10 | |
http://www.vupen.com/english/advisories/2010/0643 | 2018-10-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sap | Maxdb | 7.4.3.32 | - | Affected |
Sap | Maxdb | 7.6.0.37 | - | Affected |
Sap | Maxdb | 7.6.06 | - | Affected |