SAPlpd < 6.29 Multiple Vulnerabilities (credentialed check)
Critical Nessus Plugin ID 31122
SynopsisThe remote Windows host contains a program affected by multiple vulnerabilities.
DescriptionSAP GUI is installed on the remote host. It is the GUI client component used with SAP ERP / SAP R/3 enterprise resource planning software.
The installation of SAP GUI on the remote host includes a print server, SAPlpd, that is affected by several denial of service and buffer overflow vulnerabilities. An unauthenticated, remote attacker can leverage these issues to crash the affected service or to execute arbitrary code on the affected host subject to the privileges under which it operates.
SolutionUpgrade to SAPlpd version 6.29 or later by updating to SAP GUI for Windows version 7.10 Patchlevel 6 / 6.30 Patchlevel 30 / 6.20 Patchlevel 72 or later.