On Tue, Sep 05, 2006 at 09:47:31PM +0200, Stefan Fritsch wrote:
> Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote
> attackers to execute arbitrary code via a long database name when
> connecting via a WebDBM client.

FWIW, this is also fixed in 7.5.00.38, as far as I can see. It's available
from

  
http://ftp.sunet.se/pub/unix/databases/relational/mysql/Downloads/MaxDB/7.5.00/maxdb-source-7_5_00_38.tgz
           

but I can't the Debian patches to apply cleanly. I'll have a stab at finding
the required fix, but given the size of the changesets between these
sub-revisions, I'm not sure I'll find it.

/* Steinar */
-- 
Homepage: http://www.sesse.net/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to