Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22250
HistoryAug 04, 2009 - 12:00 a.m.

SAP Business One 2005 Remote Buffer Overflow Vulnerability.

2009-08-0400:00:00
vulners.com
23
JSON

Product: SAP Business One 2005

Vulnerable:

SAP Business One 2005 A (6.80.123) SP:00 PL:06
SAP Business One 2005 A (6.80.320) SP:01 PL:34

(Likely all 2005 versions are affected)

Not Vulnerable: SAP Business One 2007

Discovered By: Mike Arnold

Information:

NT_Naming_Service.exe (part of the License Manager for SAP Business One 2005) is vulnerable to a stack-based remote buffer
overflow allowing for full system compromise by an unauthenticated user that has TCP/IP access to SAP's license service on
TCP port 30000.

Sending a large GIOP request will cause a buffer overflow allowing for remote code execution.
NT_Naming_Service.exe runs with SYSTEM level privledges

Confirmed & Tested Vulnerable SAP Business One versions:

2005 A (6.80.123) SP:00 PL:06 (On Windows Server 2003 R2 Standard SP2)
2005 A (6.80.320) SP:01 PL:34 (On Windows Server 2003 R2 Enterprise SP2)

Proof of Concept exploit —> http://www.milw0rm.com/exploits/9319 .

The vendor has been notified, no patch has yet been released.

JSON