CVE-2003-0939

Currently unrated

Key Information:

Vendor: SAP
Status: SAP Db
Vendor: CVE Published:; 15 December 2003

Summary

eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver (aka serv.exe) process on TCP port 7269, which prevents the server from NULL terminating the string and leads to a buffer overflow.

References

http://www.atstake.com/research/advisories/2003/a111703-1...

vendor-advisoryx_refsource_ATSTAKE

http://www.sapdb.org/7.4/new_relinfo.txt

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 15, 2003
Vulnerability Reserved
Nov 11, 2003