Vulnerability Description
eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver (aka serv.exe) process on TCP port 7269, which prevents the server from NULL terminating the string and leads to a buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Sap Db | <= 7.4.03.27 |
References
- http://www.atstake.com/research/advisories/2003/a111703-1.txtExploitPatchVendor Advisory
- http://www.sapdb.org/7.4/new_relinfo.txt
- http://www.atstake.com/research/advisories/2003/a111703-1.txtExploitPatchVendor Advisory
- http://www.sapdb.org/7.4/new_relinfo.txt
FAQ
What is CVE-2003-0939?
CVE-2003-0939 is a vulnerability with a CVSS score of 7.5 (HIGH). eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the n...
How severe is CVE-2003-0939?
CVE-2003-0939 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0939?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Sap Db.