PT-2010-2895 · Sap · Sap Maxdb

Abdulaziz Hariri · Published 2010-03-16 · Updated 2018-10-10 · CVE-2010-1185

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SAP MaxDB versions 7.4.3.32, 7.6.0.37 through 7.6.06

Description

The issue is related to a stack-based buffer overflow in the serv.exe component. It can be triggered by sending an invalid length parameter in a handshake packet to TCP port 7210, allowing remote attackers to execute arbitrary code.

Recommendations

For SAP MaxDB version 7.4.3.32, update to a version that includes a fix for this issue. For SAP MaxDB versions 7.6.0.37 through 7.6.06, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to TCP port 7210 to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2010-1185
ZDI-10-032

Affected products

Sap Maxdb