iDefense Security Advisory 03.10.08 - Remote exploitation of a signedness error in the "vserver" component of SAP AG's MaxDB could allow attackers to execute arbitrary code. After accepting a connection, the "vserver" process forks and reads parameters from the client into various structures. When doing so, it trusts values sent from the client to be valid. By sending a specially crafted request, an attacker can cause heap corruption. This leads to a potentially exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in SAP AG's MaxDB version 7.6.0.37 on Linux. Other versions may also be affected.
5056f2863ba140bae005f3c4d0de93a71191bb4c6a5c44d80d5b9c3fc09aa6c1