SAP DB / MaxDB Web Server DBM_INTERN_TEST Event Buffer Overflow

high Nessus Plugin ID 25681

Synopsis

The remote web server is susceptible to a buffer overflow attack.

Description

The remote host is running SAP DB or MaxDB, a SAP-certified open-source database supporting OLTP and OLAP.

According to its version, the Web DBM component of SAP DB or MaxDB on the remote host reportedly contains a stack-based buffer overflow triggered when displaying user-supplied arguments as part of the 'DBM_INTERN_TEST' event. By sending an HTTP request with an argument - a cookie for example - exceeding 10,000 bytes, an unauthenticated, remote attacker can leverage this issue to execute arbitrary code on the affected host subject to the privileges of the 'wahttp' process.

Note that on Windows, the 'wahttp' process runs with 'SYSTEM' privileges, so a successful attack may result in a complete compromise of the affected system.

Solution

Upgrade to MaxDB version 7.5.00.44 / 7.6.00.37 or later.

See Also

https://www.securityfocus.com/archive/1/472891/30/0/threaded

http://www.nessus.org/u?18393408

Plugin Details

Severity: High

ID: 25681

File Name: webdbm_dbm_intern_test_overflow.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 7/10/2007

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:sap:sap_db

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 7/5/2007

Vulnerability Publication Date: 7/6/2007

Exploitable With

Metasploit (SAP DB 7.4 WebTools Buffer Overflow)

Reference Information

CVE: CVE-2007-3614

BID: 24773