CVE-2014-6283 Information

Description

SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD5.4, and 15.0.3 before ESD4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the hacmpmsgxchg function, and possibly other vectors.

Reference

http://blog.spiderlabs.com/2014/09/cve-2014-6283-sap-ase-missing-authorization-checks-and-arbitrary-code-execution.html
http://scn.sap.com/docs/DOC-55451
http://secunia.com/advisories/61238
https://exchange.xforce.ibmcloud.com/vulnerabilities/99935
https://service.sap.com/sap/support/notes/2044220
https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-013.txt
