CVE Vulnerabilities

CVE-2005-4815

Published: Dec 31, 2005 | Modified: Oct 19, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before 4.6D patch 1767, 45 before 45B patch 913, 40 before 40B patch 1008, and 31 before 31I patch 735 do not properly restrict process execution by lnaxdm/sapsys, which allows remote attackers to execute arbitrary code via a certain UDP packet that ends with the name of a local executable file, aka the FX SAP R/3 gwrd vuln.

Affected Software

Name Vendor Start Version End Version
Sap_r_3 Sap 45_before_patch_913 45_before_patch_913
Sap_r_3 Sap 6.4_before_patch_4 6.4_before_patch_4
Sap_r_3 Sap 40_before_patch_1008 40_before_patch_1008
Sap_r_3 Sap 4.6_before_patch_1767 4.6_before_patch_1767
Sap_r_3 Sap 6.2_before_patch_1364 6.2_before_patch_1364
Sap_r_3 Sap 31_before_31i_patch_735 31_before_31i_patch_735

References