SAPlpd < 6.29 Multiple Vulnerabilities (credentialed check)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a program affected by multiple
vulnerabilities.

Description :

SAP GUI is installed on the remote host. It is the GUI client
component used with SAP ERP / SAP R/3 enterprise resource planning
software.

The installation of SAP GUI on the remote host includes a print
server, SAPlpd, that is affected by several denial of service and
buffer overflow vulnerabilities. An unauthenticated, remote attacker
can leverage these issues to crash the affected service or to execute
arbitrary code on the affected host with the privileges under which
the service runs.

See also :

http://aluigi.altervista.org/adv/saplpdz-adv.txt
http://seclists.org/bugtraq/2008/Feb/27
http://seclists.org/bugtraq/2008/Feb/34

Solution :

Upgrade to SAPlpd version 6.29 or later by updating to SAP GUI for
Windows version 7.10 Patchlevel 6 / 6.30 Patchlevel 30 / 6.20
Patchlevel 72 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 31122

Bugtraq ID: 27613

CVE ID: CVE-2008-0620
CVE-2008-0621
