Detections
Analytics
SAP DB / MaxDB WebDBM Client Database Name Remote Overflow
critical Nessus Plugin ID 22309
Language:
Synopsis
The remote web server is prone to a buffer overflow attack.Description
The remote host is running SAP DB or MaxDB, a SAP-certified open- source database supporting OLTP and OLAP.According to its version, the Web DBM component of MaxDB on the remote host reportedly contains a buffer overflow that can be triggered by an HTTP request containing a long database name. An unauthenticated remote attacker may be able to exploit this flaw to execute arbitrary code on the affected host subject to the privileges of the 'wahttp' process.
Note that on Windows the 'wahttp' process runs with 'SYSTEM' privileges so a successful attack may result in a complete compromise of the affected system.
Solution
Upgrade to Web DBM version 7.6.00.31 or later as that is reported to fix the issue.See Also
http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2006-009.txt
https://www.securityfocus.com/archive/1/444601/30/0/threaded
Plugin Details
Severity: Critical
ID: 22309
File Name: webdbm_database_overflow.nasl
Version: 1.19
Type: remote
Family: CGI abuses
Published: 9/6/2006
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.3
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
Exploit Ease: No exploit is required
Patch Publication Date: 8/29/2006
Vulnerability Publication Date: 8/29/2006
Exploitable With
Metasploit (MaxDB WebDBM Database Parameter Overflow)
Reference Information
CVE: CVE-2006-4305
BID: 19660