Lucene search
RootSSV:2947HistoryFeb 26, 2008 - 12:00 a.m.
SAPlpd多个远程溢出及拒绝服务漏洞
2008-02-2600:00:00
Root
www.seebug.org
32
0.808 High
EPSS
Percentile
98.3%
BUGTRAQ ID: 27613
CVE(CAN) ID: CVE-2008-0620,CVE-2008-0621
SAPlpd是SAP GUI软件包中所捆绑的Windows平台行市打印机守护程序。
SAPLPD服务程序在处理LPD命令时存在多个缓冲区溢出漏洞,远程攻击者可能利用这些漏洞控制服务器或导致服务不可用。
如果向0x01、0x02、0x03、0x04、0x05、0x31、0x32、0x33、0x34和0x35 LPD命令传送了超长参数的话,就可以触发这些溢出,导致执行任意指令;如果向0x53 LPD命令传送了畸形参数,还可能导致服务器终止。
SAP SAPlpd <= 6.28
SAP SAPSprint 1018
SAP GUI for Windows 7.10
SAP GUI for Windows 6.40 Patchlevel 29
厂商补丁:
SAP
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://www.sap.com/” target=“_blank”>http://www.sap.com/</a>
http://aluigi.org/poc/saplpdz.zip
http://www.milw0rm.com/exploits/5079
Related
nessus
nessus
SAPlpd < 6.29 Multiple Vulnerabilities (credentialed check)
2008-02-20 00:00:00
SAPlpd < 6.29 Multiple Vulnerabilities
2008-02-20 00:00:00
cve
cve
CVE-2008-0621
2008-02-06 12:00:00
CVE-2008-0620
2008-02-06 12:00:00
packetstorm
packetstorm
SAP SAPLPD 6.28 Buffer Overflow
2009-11-26 00:00:00
prion
prion
Buffer overflow
2008-02-06 12:00:00
Command injection
2008-02-06 12:00:00
nvd
nvd
CVE-2008-0620
2008-02-06 12:00:00
CVE-2008-0621
2008-02-06 12:00:00
cvelist
cvelist
CVE-2008-0620
2008-02-06 11:00:00
CVE-2008-0621
2008-02-06 11:00:00
d2
d2
DSquare Exploit Pack: D2SEC_SAPLPD
2008-02-06 12:00:00