CVE-2003-0939
SAP DB < 7.4.03.27 - Remote Code Execution via Malformed Connect Packet
Title source: llmDescription
eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver (aka serv.exe) process on TCP port 7269, which prevents the server from NULL terminating the string and leads to a buffer overflow.
References (2)
Core 2
Core References
Exploit, Patch, Vendor Advisory vendor-advisory
x_refsource_atstake
http://www.atstake.com/research/advisories/2003/a111703-1.txt
Various Sources x_refsource_confirm
http://www.sapdb.org/7.4/new_relinfo.txt
Scores
EPSS
0.0456
EPSS Percentile
89.3%
Details
Status
published
Products (1)
sap/sap_db
< 7.4.03.27
Published
Dec 15, 2003
Tracked Since
Feb 18, 2026