[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability

To: ZDI Disclosures <zdi-disclosures@xxxxxxxxxxxxxxxx>
Subject: Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability
From: Steve Shockley <steve.shockley@xxxxxxxxxxxx>
Date: Fri, 13 Aug 2010 10:26:43 -0400

On 8/11/2010 12:12 PM, ZDI Disclosures wrote:

The specific flaw exists within the ebus-3-3-2-6.dll module responsible for 
parsing GIOP requests for multiple processes.


Does this affect only version 3.3.2.6?

-- Vendor Response:
SAP has issued an update to correct this vulnerability. More details can be 
found at:

https://service.sap.com/sap/support/notes/1473327

Do they have a public version of the advisory? This one seems torequire a login.

References:
- ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability
  - From: ZDI Disclosures
- RE: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability
  - From: ZDI Disclosures

Prev by Date: Secunia Research: SWFTools Two Integer Overflow Vulnerabilities
Next by Date: iDefense Security Advisory 08.10.10: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability
Previous by thread: RE: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability
Next by thread: Cisco Security Advisory: Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine
Index(es):
- Date
- Thread