Signature Detail
Short Name |
DB:MYSQL:MAXDB-CMD |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
DB |
Keywords |
SAP MaxDB Remote Arbitrary Commands Execution |
Release Date |
2010/09/16 |
Update Number |
1774 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
DB: SAP MaxDB Remote Arbitrary Commands Execution
This signature detects attempts to exploit a known vulnerability against SAP MaxDB. A successful attack can lead to arbitrary code execution.
Extended Description
SAP MaxDB is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input. Successfully exploiting this issue allows remote attackers to execute arbitrary shell commands with the privileges of the database server. Multiple database commands expose this issue, including one that is available prior to authentication. MaxDB 7.6.03 build 007 is vulnerable to this issue; other versions may also be affected.
Affected Products
- SAP MaxDB 7.6.03 build 007
References
- BugTraq: 27206
- CVE: CVE-2008-0244