On Tue, Sep 05, 2006 at 09:47:31PM +0200, Stefan Fritsch wrote: > Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote > attackers to execute arbitrary code via a long database name when > connecting via a WebDBM client.
FWIW, this is also fixed in 7.5.00.38, as far as I can see. It's available from http://ftp.sunet.se/pub/unix/databases/relational/mysql/Downloads/MaxDB/7.5.00/maxdb-source-7_5_00_38.tgz but I can't the Debian patches to apply cleanly. I'll have a stab at finding the required fix, but given the size of the changesets between these sub-revisions, I'm not sure I'll find it. /* Steinar */ -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]