By sending crafted, invalid data to the TCP administration port (1813 by default) or the TCP control port (1812 by default), an attacker may be able to crash the SBR server process. An attacker may also be able to inject code that will run as root on the server machine.
If firewalls or other measures in your enterprise adequately restrict access to these ports, this vulnerability may not be serious for you.
This issue affects all versions of SBR built prior to July 31, 2008 running on Linux or Solaris platforms. Versions of SBR running on Windows platforms are not affected.
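To see whether the two TCP ports are bound beyond loopback on a Linux SBR host, the following added example (not part of the original advisory and not vendor code) parses the text output of `ss -ltn` and lists listeners on the default ports 1812 and 1813. The function name, the sample output and the assumption that the defaults are unchanged are constructed for illustration.

```python
import ipaddress

# Default TCP ports named in the advisory. Pass a different mapping if the
# installation changed them.
SBR_TCP_PORTS = {1812: "control", 1813: "administration"}

# Constructed sample of `ss -ltn` output (TCP listeners only, numeric).
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    127.0.0.1:1812      0.0.0.0:*
LISTEN 0      128    0.0.0.0:1813        0.0.0.0:*
LISTEN 0      128    [::1]:1813          [::]:*
LISTEN 0      128    192.0.2.10:1812     0.0.0.0:*
"""

def exposed_listeners(ss_output, ports=SBR_TCP_PORTS):
    """Return (address, port, role) for each TCP listener on an SBR port
    that is bound to anything other than a loopback address."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Skip the header row and anything that is not a listening socket.
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port_text = fields[3].rpartition(":")
        if not port_text.isdigit() or int(port_text) not in ports:
            continue
        port = int(port_text)
        # Strip IPv6 brackets and an interface scope such as "%lo".
        addr = host.strip("[]").split("%", 1)[0]
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            # "*" (all interfaces) or an unparseable address: report it
            # rather than assume it is safe.
            loopback = False
        if not loopback:
            findings.append((addr, port, ports[port]))
    return findings

if __name__ == "__main__":
    for addr, port, role in exposed_listeners(SAMPLE):
        print(f"TCP {role} port {port} is listening on {addr}")
```

A reported listener is only bound on a non-loopback address; whether it can actually be reached from other networks still depends on the firewall rules in front of the host.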