SAP DB / MaxDB WebDBM Client Database Name Remote Overflow

critical Nessus Plugin ID 22309

Synopsis

The remote web server is prone to a buffer overflow attack.

Description

The remote host is running SAP DB or MaxDB, a SAP-certified open-source database supporting OLTP and OLAP.

According to its version, the Web DBM component of MaxDB on the remote host reportedly contains a buffer overflow that can be triggered by an HTTP request containing a long database name. An unauthenticated remote attacker may be able to exploit this flaw to execute arbitrary code on the affected host, subject to the privileges of the 'wahttp' process.

Note that on Windows the 'wahttp' process runs with 'SYSTEM' privileges, so a successful attack may result in a complete compromise of the affected system.

Solution

Upgrade to Web DBM version 7.6.00.31 or later, which is reported to fix the issue.

See Also

http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2006-009.txt

https://www.securityfocus.com/archive/1/444601/30/0/threaded

Plugin Details

Severity: Critical

ID: 22309

File Name: webdbm_database_overflow.nasl

Version: 1.19

Type: remote

Family: CGI abuses

Published: 9/6/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No exploit is required

Patch Publication Date: 8/29/2006

Vulnerability Publication Date: 8/29/2006

Exploitable With

Metasploit (MaxDB WebDBM Database Parameter Overflow)

Reference Information

CVE: CVE-2006-4305

BID: 19660