CVE-2006-4133
SAP Internet Graphics Service 6.40 and 7.00 - Remote Code Execution via ADM:GETLOGFILE Command
Title source: llmDescription
Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument, which triggers the overflow during error message construction when the _snprintf function returns a negative value that is used in a memcpy operation.
References (12)
Core 12
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/472889/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/19470
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3267
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/457286/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016675
Various Sources x_refsource_misc
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Buffer_Overflow.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28334
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/442840/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017534
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21448
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1386
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/259540
Scores
EPSS
0.1800
EPSS Percentile
95.3%
Details
Status
published
Products (4)
sap/internet_graphics_server
6.40
sap/internet_graphics_server
6.40_patch_11
sap/internet_graphics_server
6.40_patch_15
sap/internet_graphics_server
7.00_patch_3
Published
Aug 14, 2006
Tracked Since
Feb 18, 2026