Buffer Overflow Vulnerability in SAP Database Server
CVE-2003-0939

Currently unrated

Key Information:

Vendor: SAP
Status: SAP Db
Vendor: CVE Published:; 15 December 2003

What is CVE-2003-0939?

The SAP Database Server is vulnerable to a buffer overflow exploit that allows remote attackers to execute arbitrary code. Specifically, the vulnerability lies in the eo420_GetStringFromVarPart function within the veo420.c file. As a result of improperly handling a connect packet with a 256 byte segment in the niserv.exe process on TCP port 7269, the server fails to terminate the string correctly. This flaw can be exploited by sending specially crafted packets, potentially leading to unauthorized command execution on the affected server.

References

http://www.atstake.com/research/advisories/2003/a111703-1...

vendor-advisoryx_refsource_ATSTAKE

http://www.sapdb.org/7.4/new_relinfo.txt

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 15, 2003
Vulnerability Reserved
Nov 11, 2003