MySQL.MaxDB.WebDBM.Server.Buffer.Overflow
Description
This indicates an attempt to exploit a buffer-overflow vulnerability in SAP-DB and MaxDB.
The vulnerability is caused by insufficient checking of user-supplied input before the vulnerable software copies it into a buffer that is too small to hold it. It may allow remote attackers to execute arbitrary code via a long database name when connecting with a WebDBM client.
Affected Products
SAP-DB SAP DB 0
MySQL MaxDB 7.6.00.22
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 amd64
Debian Linux 3.1
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
For MaxDB:
Upgrade to the latest version (7.6.00.31 or later), available from the MySQL Web site.
For SAP-DB:
Contact your vendor for patch or upgrade information.
https://websmp106.sap-ag.de/~SAPIDP/002006825000000234912001E.
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2018-10-16 | 13.473 | Sig Added |