SAPlpd < 6.29 Multiple Vulnerabilities (credentialed check)

critical Nessus Plugin ID 31122

Synopsis

The remote Windows host contains a program affected by multiple vulnerabilities.

Description

SAP GUI is installed on the remote host. It is the GUI client component used with SAP ERP / SAP R/3 enterprise resource planning software.

The installation of SAP GUI on the remote host includes a print server, SAPlpd, that is affected by several denial of service and buffer overflow vulnerabilities. An unauthenticated, remote attacker can leverage these issues to crash the affected service or to execute arbitrary code on the affected host, subject to the privileges under which the service operates.

Solution

Upgrade to SAPlpd version 6.29 or later by updating to SAP GUI for Windows version 7.10 Patchlevel 6 / 6.30 Patchlevel 30 / 6.20 Patchlevel 72 or later.

See Also

http://aluigi.altervista.org/adv/saplpdz-adv.txt

https://seclists.org/bugtraq/2008/Feb/27

https://seclists.org/bugtraq/2008/Feb/34

Plugin Details

Severity: Critical

ID: 31122

File Name: saplpd_6_29_creds.nasl

Version: 1.14

Type: local

Agent: windows

Family: Windows

Published: 2/20/2008

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.0

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:sap:saplpd, cpe:/a:sap:sapgui

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Metasploit (SAP SAPLPD 6.28 Buffer Overflow)

Reference Information

CVE: CVE-2008-0620, CVE-2008-0621

BID: 27613

CWE: 119

Secunia: 28786