Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/AU:N/C:C/I:C/A:CSAP)
Производитель ПО
Наименование ПО
SAP Notes
(1800603-5)
SAP Support Packages
(SAP_KERNEL_720_32_BIT_SP402_000402, SAP_KERNEL_720_32_BIT_SP999999_999999, SAP_KERNEL_720_32_BIT_UNICODE_SP402_000402, SAP_KERNEL_720_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_720_64_BIT_SP402_000402, SAP_KERNEL_720_64_BIT_SP999999_999999, SAP_KERNEL_720_64_BIT_UNICODE_SP402_000402, SAP_KERNEL_720_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_720_EXT_64_BIT_SP402_000402, SAP_KERNEL_720_EXT_64_BIT_SP999999_999999, SAP_KERNEL_720_EXT_64_BIT_UC_SP402_000402, SAP_KERNEL_720_EXT_64_BIT_UC_SP999999_999999, SAP_KERNEL_721_32_BIT_SP042_000042, SAP_KERNEL_721_32_BIT_SP999999_999999, SAP_KERNEL_721_32_BIT_UNICODE_SP042_000042, SAP_KERNEL_721_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_721_64_BIT_SP042_000042, SAP_KERNEL_721_64_BIT_SP999999_999999, SAP_KERNEL_721_64_BIT_UNICODE_SP042_000042, SAP_KERNEL_721_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_721_EXT_64_BIT_SP042_000042, SAP_KERNEL_721_EXT_64_BIT_SP999999_999999, SAP_KERNEL_721_EXT_64_BIT_UC_SP042_000042, SAP_KERNEL_721_EXT_64_BIT_UC_SP999999_999999, SAP_KERNEL_738_64_BIT_SP007_000007, SAP_KERNEL_738_64_BIT_SP999999_999999, SAP_KERNEL_738_64_BIT_UNICODE_SP007_000007, SAP_KERNEL_738_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_804_64_BIT_UNICODE_SP027_000027, SAP_KERNEL_804_64_BIT_UNICODE_SP999999_999999)
Описание
A buffer overflow vulnerability exists in message server. This enables an attacker to inject code into the working memory that is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate.
Как исправить
This vulnerability is fixed with the kernel patch level assigned to this note or higher. Since the vulnerability affects only the message server, it is safe to exchange just the message server executable with the new one. For kernel releases 720 and 721 a fixed version of the SP stack kernel will be provided.Kernel 720 PL#402 already contains the correction
Ссылки