Secunia Logo  
 Vulnerability InformationVulnerability ScanningCommunityBlog - new entry!Corporate InformationOnline ShopCustomer Login  
 Secunia AdvisoriesSecunia ResearchBinary Analysis  
Home > Vulnerability Information > Secunia Advisories > CVE-2006-4133
Secunia Advisories
Advisories
Search
Advisories by Product
Advisories by Vendor
Historic Advisories
Mailing Lists
Report Vulnerability
Contact Form
Business Solutions Restricted
Partner Solutions Restricted
About


Secunia PSI WorldMap 		 
CVE Reference: CVE-2006-4133
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2006-4133

Description:
Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument, which triggers the overflow during error message construction when the _snprintf function returns a negative value that is used in a memcpy operation.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/28334

ST
  1016675
  1017534

SREASON
  http://securityreason.com/securityalert/1386

SAID
  Secunia Advisory: SA21448

MISC
  http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Buffer_Overflow.pdf

CERT-VN
  259540

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/472889/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/457286/100/0/threaded
  http://www.securityfocus.com/archive/1/archive/1/442840/100/0/threaded

BID
  19470


Return to the previous page.


Contact | Terms & Conditions and Copyright | Report Vulnerability | Press | Jobs (open positions) | About Secunia
Copyright Secunia 2002-2009