A connection from a WebDBM Client to the DBM Server causes a buffer overflow when the supplied database name is too long. This can result in the execution of arbitrary code in the context of the database server.
SAP-DB/MaxDB is a heavy-duty, SAP-certified open source database for OLTP and OLAP usage which offers high reliability, availability, scalability and a very comprehensive feature set. It is targeted for large mySAP Business Suite environments and other applications that require maximum enterprise-level database functionality and complements the MySQL database server.
A remotely exploitable vulnerability exists in MaxDB's WebDBM. Due to an input validation error, it is possible to execute arbitrary code with the privileges of the 'wahttp' process by sending a malformed HTTP request. Authentication is not required for successful exploitation to occur.
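The defect described above is a missing length check on an attacker-controlled request parameter before it is copied into a fixed-size buffer. The following C snippet is an added illustration of the defensive pattern, not MaxDB's or SAP's code: the parameter name `dbname`, the limit of 18 characters, the permitted character set and the query-string layout are all assumptions made for the example, since the advisory does not state WebDBM's actual request format or name limits.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative limit; the real WebDBM database-name limit is not stated in the advisory. */
#define MAX_DBNAME_LEN 18
#define DBNAME_BUF_SIZE (MAX_DBNAME_LEN + 1)

/* Copy a database name from request data into a fixed buffer.
 * The length is checked against both the policy limit and the destination size
 * before any byte is written, and only a conservative character set is allowed.
 * Returns true on success, false if the input is rejected. */
bool copy_dbname(const char *src, size_t src_len, char *dst, size_t dst_size)
{
    if (src == NULL || dst == NULL || dst_size == 0)
        return false;
    if (src_len == 0 || src_len > MAX_DBNAME_LEN || src_len >= dst_size)
        return false;
    for (size_t i = 0; i < src_len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (!isalnum(c) && c != '_')
            return false;
    }
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return true;
}

/* Locate a "dbname=" parameter (assumed name) in a query string and extract its
 * value with copy_dbname. Returns 0 on success, -1 if absent, -2 if rejected. */
int extract_dbname(const char *query, char *out, size_t out_size)
{
    const char *key = "dbname=";
    const char *p = query;
    /* Only accept the key at the start of the string or right after '&'. */
    while ((p = strstr(p, key)) != NULL) {
        if (p == query || p[-1] == '&')
            break;
        p += strlen(key);
    }
    if (p == NULL)
        return -1;
    const char *val = p + strlen(key);
    size_t len = strcspn(val, "&");   /* value ends at next '&' or end of string */
    return copy_dbname(val, len, out, out_size) ? 0 : -2;
}

/* Convenience wrapper: status code for a query, discarding the extracted name. */
int check_query(const char *query)
{
    char buf[DBNAME_BUF_SIZE];
    return extract_dbname(query, buf, sizeof buf);
}

/* Returns 1 if the query yields exactly the expected name, 0 otherwise. */
int query_yields(const char *query, const char *expected)
{
    char buf[DBNAME_BUF_SIZE];
    if (extract_dbname(query, buf, sizeof buf) != 0)
        return 0;
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed sample requests for the demonstration. */
    char oversized[300] = "dbname=";
    memset(oversized + 7, 'A', 200);
    oversized[207] = '\0';

    printf("normal   -> %d\n", check_query("action=login&dbname=TESTDB&user=dbm"));
    printf("missing  -> %d\n", check_query("action=login&user=dbm"));
    printf("too long -> %d\n", check_query(oversized));
    printf("bad char -> %d\n", check_query("dbname=bad;name"));
    return 0;
}
```

The point of the split into `copy_dbname` and `extract_dbname` is that the bounds decision is made once, in one place that knows both the source length and the destination size; the request parser never writes into the buffer itself.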
Vendor Response:
The above vulnerability has been fixed in the latest release of the product, MaxDB 7.6.00.31.
If there are any further questions about this statement, please contact mysql-MaxDB support.
Please note that SAP customers receive their downloads via the SAP Service Marketplace www.service.sap.com and must not use downloads from the addresses above for their SAP solutions.
Recommendation:
The vendor has released MaxDB 7.6.00.31 to address this issue. Users should contact the vendor to obtain the appropriate upgrade.
As a temporary workaround, the SAP-DB WWW Service should either be disabled or have access to it restricted using appropriate network-based or client-based access controls.