SAP GUI Can Be Crashed By Remote Users Connecting to the GUI's Listening Port
|
|
SecurityTracker Alert ID: 1003407
|
|
CVE Reference: CAN-2002-1579
|
Updated: Mar 16 2004
|
Original Entry Date: Jan 31 2002
|
Impact: Denial of service via network
|
Exploit Included: Yes
|
Version(s): 4.6D; possibly earlier versions; tested on 46D Finale Release, File Version 4640.4.302.2172
|
Description: A denial of service vulnerability was reported in SAP's SAP GUI product. A remote user may be able to cause the SAP GUI to crash.
It is reported that, when the SAP GUI is configured to listen on a port (> 1024), a remote user can connect to the port to cause the SAP GUI to crash. The following error message is reportedly displayed:
"unknown connection data"
|
Impact: A remote user can cause the SAP GUI to crash.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.sap.com/solutions/technology/pdf/50036907.pdf
|
Cause: Exception handling error
|
Underlying OS: Java, Linux (Any), MacOS, UNIX (Any), Windows (Any)
|
Underlying OS Comments: Tested only on Windows; Other operating systems may or may not be affected
|
Reported By: Falk Siemonsmeier <Falk.Siemonsmeier@t-online.de>
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 28 Jan 2002 19:00:55 +0100
From: Falk Siemonsmeier <Falk.Siemonsmeier@t-online.de>
Subject: Sapgui 4.6D for Windows
|
The Sapgui 4.6D for Windows that we use at work opens a port
and listens on a port <1024; when you connect to this port, maybe
with nmap or nc or something else, the sapgui crashed with
"unknown connection data". Can you reproduce this? Or is it a
local problem?
Greetings
Falk
--
Falk Siemonsmeier /"\
Friedrich-Wilhelm-Str.12 \ / ASCII Ribbon Campaign
32457 Porta Westfalica x Say NO to HTML in email and news
Germany / \
|
|