CVE-2008-0307 - Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remot

CVE-2008-0307

Summary

Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and possibly other versions, allows remote attackers to execute arbitrary code via unknown vectors that trigger heap corruption.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=669
http://secunia.com/advisories/29312
http://www.securityfocus.com/bid/28183
http://www.securitytracker.com/id?1019571
http://www.vupen.com/english/advisories/2008/0844/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41107

Vulnerable Configurations

cpe:2.3:a:sap:maxdb:7.6.0.37:*:*:*:*:*:*:*
cpe:2.3:a:sap:maxdb:7.6.0.37:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 08-08-2017 - 01:29)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	28183
idefense	20080310 SAP MaxDB Signedness Error Heap Corruption Vulnerability
sectrack	1019571
secunia	29312
vupen	ADV-2008-0844
xf	maxdb-vserver-code-execution(41107)

Last major update

08-08-2017 - 01:29

Published

11-03-2008 - 23:44

Last modified

08-08-2017 - 01:29