Bugtraq mailing list archives
Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability
From: Steve Shockley <steve.shockley () shockley net>
Date: Fri, 13 Aug 2010 10:26:43 -0400
On 8/11/2010 12:12 PM, ZDI Disclosures wrote:
The specific flaw exists within the ebus-3-3-2-6.dll module responsible for parsing GIOP requests for multiple processes.
Does this affect only version 3.3.2.6?
-- Vendor Response: SAP has issued an update to correct this vulnerability. More details can be found at: https://service.sap.com/sap/support/notes/1473327
Do they have a public version of the advisory? This one seems to require a login.
Current thread:
- ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability ZDI Disclosures (Aug 11)
- RE: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability ZDI Disclosures (Aug 11)
- Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability Steve Shockley (Aug 13)
- RE: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability ZDI Disclosures (Aug 11)