Secunia Security Advisory - A vulnerability has been reported in SAP Web Application Server, which can be exploited by malicious users to compromise a vulnerable system.
----------------------------------------------------------------------
TITLE:
SAP Web Application Server Integrated ITS Buffer Overflow
SECUNIA ADVISORY ID:
SA38172
VERIFY ADVISORY:
http://secunia.com/advisories/38172/
DESCRIPTION:
A vulnerability has been reported in SAP Web Application Server,
which can be exploited by malicious users to compromise a vulnerable
system.
The vulnerability is caused by an unspecified error in the
Integrated ITS (Internet Transaction Server) and can be exploited to
cause a buffer overflow.
Successful exploitation may allow execution of arbitrary code, but
requires authentication.
SOLUTION:
Update to SAP Kernel 6.40 Patch Level 312, SAP Kernel 7.00 Patch
Level 235, or SAP Kernel 7.01 Patch Level 72 (please see SAP Note
1414112 for details).
PROVIDED AND/OR DISCOVERED BY:
Mariano Nuñez Di Croce, Onapsis Research Labs
ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/fulldisclosure/current/0353.html
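
ADDED EXAMPLE (not part of the Secunia advisory):
A patch-level triage check built from the SOLUTION section above. The inventory layout (host,release,patch_level), the host names, the sample values and the status labels are assumptions constructed for illustration. Releases the advisory does not name are reported as unknown rather than treated as fixed.

```python
import csv
import io

# Fixed SAP Kernel patch levels, taken from the SOLUTION section of SA38172.
FIXED_PATCH_LEVEL = {"6.40": 312, "7.00": 235, "7.01": 72}


def normalize_release(raw):
    """Accept '7.00', ' 7.00 ' or the undotted '700' and return the dotted form."""
    text = (raw or "").strip()
    if text.isdigit() and len(text) == 3:
        text = f"{text[0]}.{text[1:]}"
    return text


def classify(release, patch_level):
    """Return 'at_fixed_level', 'update_required' or 'unknown' for one kernel."""
    fixed = FIXED_PATCH_LEVEL.get(normalize_release(release))
    if fixed is None:
        # The advisory names no fixed level for this release: do not assume it is safe.
        return "unknown"
    try:
        level = int(str(patch_level).strip())
    except ValueError:
        # Patch level missing or unreadable in the inventory: needs a manual check.
        return "unknown"
    return "at_fixed_level" if level >= fixed else "update_required"


def triage(inventory_csv):
    """Map each host in a 'host,release,patch_level' CSV to its status."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["release"], row["patch_level"]) for row in reader}


# Constructed sample inventory (hypothetical hosts and values).
SAMPLE_INVENTORY = """host,release,patch_level
sap-erp-01,7.00,235
sap-erp-02,700,201
sap-crm-01,7.01,72
sap-bw-01,6.40,311
sap-pi-01,7.10,150
sap-old-01,7.00,n/a
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as unknown should be checked against SAP Note 1414112 directly.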
----------------------------------------------------------------------