CVE-2005-4815

Name of the Vulnerable Software and Affected Versions SAP versions prior to 6.40 patch 4 SAP versions prior to 6.20 patch 1364 SAP versions prior to 4.6D patch 1767 SAP versions prior to 45B patch 913 SAP versions prior to 40B patch 1008 SAP versions prior to 31I patch 735

Description The issue allows remote attackers to execute arbitrary code via a certain UDP packet that ends with the name of a local executable file. This is due to improper restriction of process execution by lnaxdm/sapsys.

Recommendations For SAP versions prior to 6.40 patch 4, apply patch 4 to resolve the issue. For SAP versions prior to 6.20 patch 1364, apply patch 1364 to resolve the issue. For SAP versions prior to 4.6D patch 1767, apply patch 1767 to resolve the issue. For SAP versions prior to 45B patch 913, apply patch 913 to resolve the issue. For SAP versions prior to 40B patch 1008, apply patch 1008 to resolve the issue. For SAP versions prior to 31I patch 735, apply patch 735 to resolve the issue.