List:       full-disclosure
Subject:    [Full-disclosure] [Onapsis Security Advisory 2010-007] SAP
From:       Onapsis Research Labs <research () onapsis ! com>
Date:       2010-09-29 20:10:57
Message-ID: 4CA39D51.9000308 () onapsis ! com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2010-007: SAP Management Console Multiple Denial of Service

This advisory can be downloaded in PDF format from http://www.onapsis.com/research.html.
By downloading this advisory from the Onapsis Resource Center, you will gain access to advance information on upcoming advisories, presentations and new research projects from the Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings and conferences.


1. Impact on Business
=====================

By exploiting this vulnerability, an unauthenticated internal or external attacker would be able to remotely disrupt the main management interface of the Organization's SAP systems.

This would make remote maintenance of the SAP landscape impossible, forcing administrators to invest effort into restoring the system to its original state.


- - Risk Level: High


2. Advisory Information
=======================

- - Public Release Date: 2010-09-29

- - Subscriber Notification Date: 2010-09-22

- - Last Revised: 2010-09-22

- - Security Advisory ID: ONAPSIS-2010-007

- - Onapsis SVS ID: ONAPSIS-00008, ONAPSIS-00009

- - Researcher: Jordan Santarsieri


3. Vulnerability Information
============================

- - Vendor: SAP

- - Affected Components:

	. SAP KERNEL RELEASE 6.40
	. SAP KERNEL RELEASE 7.00
	. SAP KERNEL RELEASE 7.10
	(Check SAP Notes 1469804 and 1151410 for detailed information on affected releases)

- - Vulnerability Class: Null-pointer dereference

- - Remotely Exploitable: Yes

- - Locally Exploitable: Yes

- - Authentication Required: No

- - Module Available in Onapsis X1: Yes

- - Original Advisory: http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-007


4. Affected Components Description
==================================

The SAP Management Console (SAP MC) provides a common framework for centralized system management. It allows users to monitor and perform basic administration tasks on the SAP system centrally, thus simplifying system administration. Through this component, administrators can start, stop and restart instances, monitor system alerts, display log and trace files, etc.

This service is enabled by default in every SAP system.


5. Vulnerability Details
========================

The SAP MC component fails to process malformed requests, resulting in a Denial of Service condition because the affected service crashes.

Onapsis is not distributing technical details about this issue to the general public at this moment, in order to give affected customers enough time to patch their systems and protect against exploitation of the described vulnerability.


6. Solution
===========

SAP has released SAP Notes 1469804 and 1151410, which provide patched versions of the affected components.

The patches can be downloaded from https://service.sap.com/sap/support/notes/1469804 and https://service.sap.com/sap/support/notes/1151410

Onapsis strongly recommends that SAP customers download the related security fix and apply it to the affected components in order to reduce business risks.


7. Report Timeline
==================

	. 2009-12-17: Onapsis provides vulnerability information to SAP.
	. 2009-12-18: SAP confirms reception of vulnerability submission.
	. 2010-08-17: SAP states that one of the reported issues has already been fixed in note 1151410. The other issue will be fixed through note 1469804.
	. 2010-09-14: SAP releases security patches.
	. 2010-09-22: Onapsis notifies availability of security advisory to Onapsis Subscribers.
	. 2010-09-29: Onapsis notifies availability of security advisory to security mailing lists.


About Onapsis Research Labs
===========================

Onapsis is continuously investing resources in the research of the security of business critical systems and applications.

With that objective in mind, a special unit - the Onapsis Research Labs - has been developed since the creation of the company. The experts involved in this special team lead the public research trends in this matter, having discovered and published many of the public security vulnerabilities in these platforms.

The outcome of this advanced and cutting-edge research is continuously provided to the Onapsis Consulting and Development teams, improving the quality of our solutions and enabling our customers to be protected from the latest risks to their critical business information.

Furthermore, the results of these research projects are usually shared with the general security and professional community, encouraging the sharing of information and increasing the common knowledge in this field.


About Onapsis
=============

Onapsis is the leading provider of solutions for the security of ERP and business-critical systems and applications. Through different innovative products and services, Onapsis helps its global customers to effectively increase the security level of their core business platforms, protecting their information and decreasing financial fraud risks.

Onapsis is built upon a team of world-renowned experts in the SAP security field, with several years of experience in the assessment and protection of critical platforms for world-wide customers, such as Fortune-500 companies and governmental entities.

Our star product, Onapsis X1, enables our customers to perform automated Security & Compliance Audits, Vulnerability Assessments and Penetration Tests over their SAP platform, helping them enforce compliance requirements, decrease financial fraud risks and reduce audit costs drastically.

Some of our featured services include SAP Penetration Testing, SAP Gateway & RFC security, SAP Enterprise Portal security assessment, Security Support for SAP Implementations and Upgrades, SAP System Hardening and SAP Technical Security Audits.

For further information about our solutions, please contact us at info@onapsis.com and visit our website at www.onapsis.com.


Copyright (c) 2010 Onapsis SRL. All rights reserved.
This advisory may be distributed as long as its distribution is free-of-charge and proper credit is given.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkyjnVEACgkQz3i6WNVBcDXdTgCeNg9or+Pc3nP/tt8QlwIf2m37
6J4An3M/Kzb6TdxH2DeDDwHvy6x965GC
=mIOL
-----END PGP SIGNATURE-----
