| New User, Welcome! Login |
Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability
| From: |
Steve Shockley <steve shockley shockley net> |
| To: |
ZDI Disclosures <zdi-disclosures tippingpoint com> |
| Cc: |
"'bugtraq securityfocus com'" <bugtraq securityfocus com> |
| Subject: |
Re: Correction to: ZDI-10-151: SAP Crystal Reports 2008 GIOP Message Size Integer Overflow Remote Code Execution Vulnerability |
| Date: |
Fri - Aug 13, 2010 07:43 AM |
On 8/11/2010 12:12 PM, ZDI Disclosures wrote:
> The specific flaw exists within the ebus-3-3-2-6.dll module responsible for parsing GIOP requests for multiple processes.
Does this affect only version 3.3.2.6?
> -- Vendor Response:
> SAP has issued an update to correct this vulnerability. More details can be found at:
>
> https://service.sap.com/sap/support/notes/1473327
Do they have a public version of the advisory? This one seems to
require a login.
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
