1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. TCP SAP Malformed Handshake

TCP SAP Malformed Handshake

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This Signature detects SAP MaxDB Malformed Handshake Request exploit.

Additional Information

SAP MaxDB is a database application available for multiple platforms.

MaxDB is prone to an unspecified remote code-execution vulnerability because it fails to sufficiently validate user-supplied input. Specifically, the 'serv.exe' application uses data supplied from a packet as a length when copying data to the stack. By default, 'serv.exe' listens on TCP port 7210.

An attacker can leverage this issue to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition.

Affected

  • SAP MaxDB

Response

Vendor updates are available through SAP note 1409425; please contact the vendor for more information.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube