SAP RFC Library Multiple Vulnerabilities - Advisories - Secunia

SAP RFC Libraryに5つの脆弱性が存在するそうです。

1) The "RFC_SET_REG_SERVER_PROPERTY" RFC function allows to define the exclusive use of the RFC Server. This can be exploited to cause a DoS by denying access to other clients.
2) An unspecified buffer overflow exists within the "SYSTEM_CREATE_INSTANCE" RFC function, which can be exploited to execute arbitrary code.
3) An unspecified buffer overflow exists within the "RFC_START_GUI" RFC function, which can be exploited to execute arbitrary code.
4) Two unspecified errors exist within the "RFC_START_PROGRAM" RFC function. These can be exploited to gain knowledge about the RFC server's configuration or execute arbitrary code.
5) An error within the "TRUSTED_SYSTEM_SECURITY" function can be exploited to gain knowledge about existing user accounts and groups on a RFC server.