• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1800603 - Potential remote code execution in Message Server

Главная Специалистам База уязвимостей Note 1800603 - Potential remote code execution in Message Server

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
(AV:N/AC:L/AU:N/C:C/I:C/A:CSAP)
Производитель ПО
SAP
Наименование ПО
SAP Notes (1800603-5) SAP Support Packages (SAP_KERNEL_720_32_BIT_SP402_000402, SAP_KERNEL_720_32_BIT_SP999999_999999, SAP_KERNEL_720_32_BIT_UNICODE_SP402_000402, SAP_KERNEL_720_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_720_64_BIT_SP402_000402, SAP_KERNEL_720_64_BIT_SP999999_999999, SAP_KERNEL_720_64_BIT_UNICODE_SP402_000402, SAP_KERNEL_720_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_720_EXT_64_BIT_SP402_000402, SAP_KERNEL_720_EXT_64_BIT_SP999999_999999, SAP_KERNEL_720_EXT_64_BIT_UC_SP402_000402, SAP_KERNEL_720_EXT_64_BIT_UC_SP999999_999999, SAP_KERNEL_721_32_BIT_SP042_000042, SAP_KERNEL_721_32_BIT_SP999999_999999, SAP_KERNEL_721_32_BIT_UNICODE_SP042_000042, SAP_KERNEL_721_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_721_64_BIT_SP042_000042, SAP_KERNEL_721_64_BIT_SP999999_999999, SAP_KERNEL_721_64_BIT_UNICODE_SP042_000042, SAP_KERNEL_721_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_721_EXT_64_BIT_SP042_000042, SAP_KERNEL_721_EXT_64_BIT_SP999999_999999, SAP_KERNEL_721_EXT_64_BIT_UC_SP042_000042, SAP_KERNEL_721_EXT_64_BIT_UC_SP999999_999999, SAP_KERNEL_738_64_BIT_SP007_000007, SAP_KERNEL_738_64_BIT_SP999999_999999, SAP_KERNEL_738_64_BIT_UNICODE_SP007_000007, SAP_KERNEL_738_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_804_64_BIT_UNICODE_SP027_000027, SAP_KERNEL_804_64_BIT_UNICODE_SP999999_999999)
Описание
A buffer overflow vulnerability exists in message server. This enables  an attacker to inject code into the working memory that is subsequently  executed by the application. It can also be used to cause a general fault in the product, causing the product to terminate.
Как исправить
This vulnerability is fixed with the kernel patch level assigned to this note or higher. Since the vulnerability affects only the message server, it is safe to exchange just the message server executable with the new one. For kernel releases 720 and 721 a fixed version of the SP stack kernel will be provided.Kernel 720 PL#402 already contains the correction
Ссылки