Sign-up

ID

VAR-200802-0423


CVE

CVE-2008-0621


TITLE

SAP GUI and SAPSprint include SAPLPD Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2008-005442

DESCRIPTION

Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands. SAPlpd and SAPSprint are prone to multiple remote vulnerabilities. Very little information is currently available. We will update this BID as more information emerges. Successfully exploiting these issues allows remote attackers to crash the service and potentially to execute arbitrary code. This may facilitate the complete compromise of affected computers. The following versions are affected: - SAPlpd as included with SAP GUI 7.10 (and earlier) - Versions prior to SAPSprint 1018 This issue is reportedly documented in SAP Note 1138934. PROVIDED AND/OR DISCOVERED BY: Originally reported in SAPLPD by Luigi Auriemma. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: SAP GUI SAPLPD Multiple Vulnerabilities SECUNIA ADVISORY ID: SA28786 VERIFY ADVISORY: http://secunia.com/advisories/28786/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From local network SOFTWARE: SAP GUI 7.x http://secunia.com/product/16959/ DESCRIPTION: Luigi Auriemma has discovered some vulnerabilities in SAP GUI, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. 1) Multiple boundary errors exist in the SAPLPD server when processing LPD commands. Successful exploitation may allow execution of arbitrary code. 2) An error in SAPLPD when processing the 0x53 LPD command code can be exploited to terminate an affected server. Other versions may also be affected. SOLUTION: Restrict access to TCP port 515. The vendor will reportedly release a patch soon. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/saplpdz-adv.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-0621 // JVNDB: JVNDB-2008-005442 // BID: 27613 // PACKETSTORM: 63373 // PACKETSTORM: 63283

AFFECTED PRODUCTS

vendor:sapmodel:sapguiscope:eqversion:7.10

Trust: 2.4

vendor:sapmodel:saplpdscope:lteversion:6.28

Trust: 1.8

vendor:sapmodel:sapsprintscope:eqversion:*

Trust: 1.0

vendor:sapmodel:saplpdscope:eqversion:6.28

Trust: 0.9

vendor:sapmodel:sapsprintscope:ltversion:1018

Trust: 0.8

vendor:sapmodel:sapsprintscope: - version: -

Trust: 0.6

vendor:sapmodel:sapsprintscope:eqversion:0

Trust: 0.3

vendor:sapmodel:saplpdscope:eqversion:0

Trust: 0.3

vendor:sapmodel:sapsprintscope:neversion:1018

Trust: 0.3

vendor:sapmodel:gui for windows patch levelscope:neversion:7.006

Trust: 0.3

vendor:sapmodel:gui for windows patch levelscope:neversion:6.4030

Trust: 0.3

vendor:sapmodel:gui for windows patch levelscope:neversion:6.2072

Trust: 0.3

sources: BID: 27613 // JVNDB: JVNDB-2008-005442 // CNNVD: CNNVD-200802-088 // NVD: CVE-2008-0621

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-0621
value: HIGH

Trust: 1.0

NVD: CVE-2008-0621
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200802-088
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2008-0621
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2008-005442 // CNNVD: CNNVD-200802-088 // NVD: CVE-2008-0621

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2008-005442 // NVD: CVE-2008-0621

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200802-088

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200802-088

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-005442

PATCH
title:SAP GUIurl:http://sapdocs.info/sap/other/download-sap-gui-7-20/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-005442

EXTERNAL IDS
db:NVDid:CVE-2008-0621
Trust: 2.7
db:BIDid:27613
Trust: 1.9
db:SECUNIAid:28811
Trust: 1.7
db:SECUNIAid:28786
Trust: 1.7
db:VUPENid:ADV-2008-0438
Trust: 1.6
db:VUPENid:ADV-2008-0409
Trust: 1.6
db:SECTRACKid:1019300
Trust: 1.6
db:EXPLOIT-DBid:5079
Trust: 1.6
db:SREASONid:3619
Trust: 1.6
db:JVNDBid:JVNDB-2008-005442
Trust: 0.8
db:MILW0RMid:5079
Trust: 0.6
db:BUGTRAQid:20080204 MULTIPLE VULNERABILITIES IN SAPLPD 6.28
Trust: 0.6
db:BUGTRAQid:20080205 RE: MULTIPLE VULNERABILITIES IN SAPLPD 6.28
Trust: 0.6
db:CNNVDid:CNNVD-200802-088
Trust: 0.6
db:PACKETSTORMid:63373
Trust: 0.1
db:PACKETSTORMid:63283
Trust: 0.1
sources:
            
            
            BID: 27613 // 
            
            
            
            JVNDB: JVNDB-2008-005442 // 
            
            
            
            PACKETSTORM: 63373 // 
            
            
            
            PACKETSTORM: 63283 // 
            
            
            
            CNNVD: CNNVD-200802-088 // 
            
            
            
            NVD: CVE-2008-0621

REFERENCES
url:http://www.securitytracker.com/id?1019300
Trust: 1.6
url:http://www.securityfocus.com/bid/27613
Trust: 1.6
url:http://secunia.com/advisories/28786
Trust: 1.6
url:http://securityreason.com/securityalert/3619
Trust: 1.6
url:http://secunia.com/advisories/28811
Trust: 1.6
url:http://www.securityfocus.com/archive/1/487508/100/0/threaded
Trust: 1.0
url:http://www.vupen.com/english/advisories/2008/0438
Trust: 1.0
url:https://www.exploit-db.com/exploits/5079
Trust: 1.0
url:http://www.securityfocus.com/archive/1/487575/100/0/threaded
Trust: 1.0
url:http://www.vupen.com/english/advisories/2008/0409
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0621
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0621
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/487575/100/0/threaded
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/487508/100/0/threaded
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2008/0409
Trust: 0.6
url:http://www.milw0rm.com/exploits/5079
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2008/0438
Trust: 0.6
url:/archive/1/487508
Trust: 0.3
url:/archive/1/487575
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.2
url:http://secunia.com/advisories/28786/
Trust: 0.2
url:https://psi.secunia.com/?page=changelog
Trust: 0.2
url:https://psi.secunia.com/
Trust: 0.2
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.2
url:http://secunia.com/about_secunia_advisories/
Trust: 0.2
url:http://secunia.com/advisories/28811/
Trust: 0.1
url:http://secunia.com/product/17480/
Trust: 0.1
url:http://secunia.com/product/16959/
Trust: 0.1
url:http://aluigi.altervista.org/adv/saplpdz-adv.txt
Trust: 0.1
sources:
            
            
            BID: 27613 // 
            
            
            
            JVNDB: JVNDB-2008-005442 // 
            
            
            
            PACKETSTORM: 63373 // 
            
            
            
            PACKETSTORM: 63283 // 
            
            
            
            CNNVD: CNNVD-200802-088 // 
            
            
            
            NVD: CVE-2008-0621

CREDITS
Luigi Auriemma  aluigi@pivx.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200802-088

SOURCES
db:BIDid:27613
db:JVNDBid:JVNDB-2008-005442
db:PACKETSTORMid:63373
db:PACKETSTORMid:63283
db:CNNVDid:CNNVD-200802-088
db:NVDid:CVE-2008-0621

LAST UPDATE DATE
2025-04-10T23:07:16.132000+00:00

SOURCES UPDATE DATE
db:BIDid:27613date:2016-07-05T22:00:00
db:JVNDBid:JVNDB-2008-005442date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200802-088date:2008-09-05T00:00:00
db:NVDid:CVE-2008-0621date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:BIDid:27613date:2008-02-04T00:00:00
db:JVNDBid:JVNDB-2008-005442date:2012-12-20T00:00:00
db:PACKETSTORMid:63373date:2008-02-08T01:19:15
db:PACKETSTORMid:63283date:2008-02-05T23:02:25
db:CNNVDid:CNNVD-200802-088date:2008-02-06T00:00:00
db:NVDid:CVE-2008-0621date:2008-02-06T12:00:00