-----BEGIN PGP SIGNED MESSAGE-----
(The following advisory is also available in PDF format for download at:
Pre-Advisory Name: SAP Internet Graphics Service (IGS) Remote Buffer Overflow
Vulnerability Class: Buffer Overflow
Release Date: 08/10/2006
=====================* SAP IGS 6.40 Patchlevel <= 15
* SAP IGS 7.00 Patchlevel <= 3
==================* AIX 64 bits
* HP-UX on IA64 64bit
* HP-UX on PA-RISC 64bit
* Linux on IA32 32bit
* Linux on IA64 64bit
* Linux on Power 64bit
* Linux on x86_64 64bit
* Linux on zSeries 64bit
* OS/400 V5R2M0
* Solaris on SPARC 64bit
* TRU64 64bit
* Windows Server on IA32 32bit
* Windows Server on IA64 64bit
* Windows Server on x64 64bit
Local / Remote: Remote
Author: Mariano Nu=F1ez Di Croce
=============* Confirmed, update released.
Reference to Vulnerability Disclosure Policy:
================="The IGS provides a server architecture where data from an SAP System or other sources can be used to generate graphical or non-graphical output."
It is important to note that IGS is installed and activated by default with the Web Application Server (versions >= 6.30)
=========================A specially crafted HTTP request can trigger a remote buffer overflow in SAP IGS service.
=================Technical details will be released three months after publication of this pre-advisory. This was agreed upon with SAP to allow their customers to upgrade affected software prior to technical knowledge
been publicly available.
======Under UNIX systems, successful exploitation of this vulnerability may allow an attacker to execute remote code with the privileges of the SAP System Administrator account (