we are making a security test to our SAP system, and we are encountering
problems with IGS watchdog, which is not starting up.
It worked well until we tried to exploit the vulnerability exposed on
"Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40
and earlier, and 7.00 and earlier, allows remote attackers to cause a
denial of service (crash) or execute arbitrary code via an HTTP request
with an ADM:GETLOGFILE command and a long portwatcher argument, which
triggers the overflow during error message construction when the
_snprintf function returns a negative value that is used in a memcpy
After sending a packet with a long value, our igs service crashed. This
is the expected result, but after rebooting the server, the igs watchdog
service doesn't startup.
After that, we have process the syslog entries that we have at the
SAPMMC, and we have encountered errors at the database. The error is
8115 and seems to be related to an arithmetic overflow. We believe that
its a consequence of the proof of concept that we have done.
Can anybody help us?
Lots of thanks and best regards.