Remote Code Execution Vulnerability in SAP Products
CVE-2005-4815

Currently unrated

Key Information:

Vendor

SAP
Status
SAP R 3
Vendor
CVE Published:
31 December 2005

What is CVE-2005-4815?

SAP products, including versions prior to specified patches, suffer from a vulnerability due to inadequate restrictions on process execution by lnaxdm/sapsys. This flaw allows remote attackers to execute arbitrary code by sending specially crafted UDP packets that conclude with the name of a local executable file, thereby compromising the security of the SAP environment. Organizations using affected versions of SAP software should prioritize applying the relevant patches to mitigate the risk associated with this vulnerability.

References

http://lists.virus.org/darklab-0509/msg00017.html
mailing-listx_refsource_MLIST
http://lists.virus.org/darklab-0509/msg00011.html
mailing-listx_refsource_MLIST
http://lists.darklab.org/pipermail/darklab/2006-January/0...
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.
CVE-2005-4815 : Remote Code Execution Vulnerability in SAP Products