The SAP Message Server contains a flaw that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.
The SAP Message Server is used to exchange and regulate messages between servers in a SAP network. A heap-based buffer overflow vulnerability exists in the Message Server. This vulnerability can be exploited by sending a request with a malformed group parameter to a vulnerable Message Server.
The SAP Message Server listens on TCP ports 3600 and 8100 (HTTP) by default. The Message Server may also open a port for HTTPS. If multiple instances of the Message Server are deployed on the same network, they are allocated ports based on instance number.
By sending a specially crafted request to a vulnerable SAP Message Server, a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.
This vulnerability was reported by Mark Litchfield of NGSSoftware
This document was written by Jeff Gennari.
|Date First Published:||2007-07-09|
|Date Last Updated:||2007-07-16 15:08 UTC|