漏洞信息详情
SAP Crystal Reports 'ebus-3-3-2-6.dll'模块数字错误漏洞
- CNNVD编号:CNNVD-201008-184
- 危害等级: 超危
- CVE编号: CVE-2010-3032
- 漏洞类型: 数字错误
- 发布时间: 2010-08-23
- 威胁类型: 远程
- 更新时间: 2010-08-23
- 厂 商: sap
- 漏洞来源:
漏洞简介
SAP Crystal Reports 2008中的ebus-3-3-2-6.dll模块中的OBGIOPServerWorker::extractHeader函数存在整数溢出漏洞。远程攻击者可以借助特制大小的GIOP数据包导致拒绝服务(崩溃)和可能执行任意代码。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
https://websmp130.sap-ag.de/sap/support/notes/1473327
参考网址
来源: service.sap.com
链接:https://service.sap.com/sap/support/notes/1473327
来源: XF
名称: sap-crystal-giop-bo(61065)
链接:http://xforce.iss.net/xforce/xfdb/61065
来源: VUPEN
名称: ADV-2010-2074
链接:http://www.vupen.com/english/advisories/2010/2074
来源: SECTRACK
名称: 1024334
链接:http://www.securitytracker.com/id?1024334
来源: BID
名称: 42374
链接:http://www.securityfocus.com/bid/42374
来源: BUGTRAQ
名称: 20100813 Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/513103/100/0/threaded
来源: BUGTRAQ
名称: 20100811 RE: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/513024/100/0/threaded
来源: BUGTRAQ
名称: 20100811 ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/513023/100/0/threaded
来源: SECUNIA
名称: 40960
链接:http://secunia.com/advisories/40960
来源: OSVDB
名称: 67080
链接:http://osvdb.org/67080
来源: dvlabs.tippingpoint.com
链接:http://dvlabs.tippingpoint.com/advisory/TPTI-10-07
受影响实体
- Sap Crystal_reports:2008
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论