1. CVE-Search
  2. CVE-2006-4133
ID CVE-2006-4133
Summary Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument, which triggers the overflow during error message construction when the _snprintf function returns a negative value that is used in a memcpy operation. Upgrade patches
References
Vulnerable Configurations
  • cpe:2.3:a:sap:internet_graphics_server:6.40:*:*:*:*:*:*:*
    cpe:2.3:a:sap:internet_graphics_server:6.40:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:internet_graphics_server:6.40_patch_11:*:*:*:*:*:*:*
    cpe:2.3:a:sap:internet_graphics_server:6.40_patch_11:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:internet_graphics_server:6.40_patch_15:*:*:*:*:*:*:*
    cpe:2.3:a:sap:internet_graphics_server:6.40_patch_15:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:internet_graphics_server:7.00_patch_3:*:*:*:*:*:*:*
    cpe:2.3:a:sap:internet_graphics_server:7.00_patch_3:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-10-2018 - 21:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 19470
bugtraq
  • 20060810 CYBSEC - Security Pre-Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow
  • 20070118 CYBSEC - Security Advisory: SAP Internet Graphics Service (IGS) Remote Buffer Overflow
  • 20070705 SAP Internet Graphics Server XSS and Heap Overflow
cert-vn VU#259540
misc http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Buffer_Overflow.pdf
sectrack
  • 1016675
  • 1017534
secunia 21448
sreason 1386
vupen ADV-2006-3267
xf sap-igs-http-bo(28334)
Last major update 17-10-2018 - 21:33
Published 14-08-2006 - 23:04
Last modified 17-10-2018 - 21:33
Back to Top