Vulnerability Note VU#305657
SAP Message Server heap buffer overflow
The SAP Message Server contains a flaw that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.
The SAP Message Server is used to exchange and regulate messages between servers in a SAP network. A heap-based buffer overflow vulnerability exists in the Message Server. This vulnerability can be exploited by sending a request with a malformed group parameter to a vulnerable Message Server.
The SAP Message Server listens on TCP ports 3600 and 8100 (HTTP) by default. The Message Server may also open a port for HTTPS. If multiple instances of the Message Server are deployed on the same network, they are allocated ports based on instance number.
By sending a specially crafted request to a vulnerable SAP Message Server, a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|SAP||Affected||-||09 Jul 2007|
CVSS Metrics (Learn More)
This vulnerability was reported by Mark Litchfield of NGSSoftware.
This document was written by Jeff Gennari.
- CVE IDs: CVE-2007-3624
- Date Public: 05 Jul 2007
- Date First Published: 09 Jul 2007
- Date Last Updated: 16 Jul 2007
- Severity Metric: 17.01
- Document Revision: 19
If you have feedback, comments, or additional information about this vulnerability, please send us email.