Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remote attackers to execute arbitrary code via unknown vectors that trigger heap corruption.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Maxdb | Sap | 7.6.0.37 (including) | 7.6.0.37 (including) |
| Maxdb-7.5.00 | Ubuntu | dapper | * |
| Maxdb-7.5.00 | Ubuntu | edgy | * |
| Maxdb-7.5.00 | Ubuntu | feisty | * |
| Maxdb-7.5.00 | Ubuntu | gutsy | * |
| Maxdb-7.5.00 | Ubuntu | upstream | * |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=669
- http://secunia.com/advisories/29312
- http://www.securityfocus.com/bid/28183
- http://www.securitytracker.com/id?1019571
- http://www.vupen.com/english/advisories/2008/0844/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41107
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=669
- http://secunia.com/advisories/29312
- http://www.securityfocus.com/bid/28183
- http://www.securitytracker.com/id?1019571
- http://www.vupen.com/english/advisories/2008/0844/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41107