[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [Full-disclosure] [Onapsis Security Advisory 2010-007] SAP
From: Onapsis Research Labs <research () onapsis ! com>
Date: 2010-09-29 20:10:57
Message-ID: 4CA39D51.9000308 () onapsis ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Onapsis Security Advisory 2010-007: SAP Management Console Multiple Denial of Service
This advisory can be downloaded in PDF format from http://www.onapsis.com/research.html.
By downloading this advisory from the Onapsis Resource Center, you will gain access to \
beforehand information on upcoming advisories, presentations and new research projects from the \
Onapsis Research Labs, as well as exclusive access to special promotions for upcoming trainings \
and conferences.
1. Impact on Business
=====================
By exploiting this vulnerability, an unauthenticated internal or external attacker would be \
able remotely disrupt the main management interface of the Organization's SAP systems.
This would result in the impossibility of performing remote maintenance of the SAP landscape, \
forcing administrators to invest effort into restoring the system to its original state.
- - Risk Level: High
2. Advisory Information
=======================
- - Public Release Date: 2010-09-29
- - Subscriber Notification Date: 2010-09-22
- - Last Revised: 2010-09-22
- - Security Advisory ID: ONAPSIS-2010-007
- - Onapsis SVS ID: ONAPSIS-00008, ONAPSIS-00009
- - Researcher: Jordan Santarsieri
3. Vulnerability Information
============================
- - Vendor: SAP
- - Affected Components:
. SAP KERNEL RELEASE 6.40
. SAP KERNEL RELEASE 7.00
. SAP KERNEL RELEASE 7.10
(Check SAP Notes 1469804 and 1151410 for detailed information on affected releases)
- - Vulnerability Class: Null-pointer dereference
- - Remotely Exploitable: Yes
- - Locally Exploitable: Yes
- - Authentication Required: No
- - Module Available in Onapsis X1: Yes
- - Original Advisory: http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-007
4. Affected Components Description
==================================
The SAP Management Console (SAP MC) provides a common framework for centralized system \
management. It allows users to monitor and perform basic administration tasks on the SAP system \
centrally, thus simplifying system administration. Through this component, administrators can \
start, stop and restart instances, monitor system alerts, display log and trace files, etc.
This service is enabled by default in every SAP system.
5. Vulnerability Details
========================
The SAP MC component fails to process malformed requests, resulting in a Denial of Service \
condition due to the fact that the affected service is crashed.
Onapsis is not distributing technical details about this issue to the general public at this \
moment in order to provide enough time to affected customers to patch their systems and protect \
against the exploitation of the described vulnerability.
6. Solution
===========
SAP has released SAP Notes 1469804 and 1151410, which provide patched versions of the affected \
components.
The patches can be downloaded from https://service.sap.com/sap/support/notes/1469804 and \
https://service.sap.com/sap/support/notes/1151410
Onapsis strongly recommends SAP customers to download the related security fix and apply it to \
the affected components in order to reduce business risks.
7. Report Timeline
==================
. 2009-12-17: Onapsis provides vulnerability information to SAP.
. 2009-12-18: SAP confirms reception of vulnerability submission.
. 2010-08-17: SAP states that one of the reported issues has already been fixed in note \
1151410. The other issue will be fixed through note 1469804.
. 2010-09-14: SAP releases security patches.
. 2010-09-22: Onapsis notifies availability of security advisory to Onapsis Subscribers.
. 2010-09-29: Onapsis notifies availability of security advisory to security mailing lists.
About Onapsis Research Labs
===========================
Onapsis is continuously investing resources in the research of the security of business \
critical systems and applications.
With that objective in mind, a special unit - the Onapsis Research Labs - has been developed \
since the creation of the company. The experts involved in this special team lead the public \
research trends in this matter, having discovered and published many of the public security \
vulnerabilities in these platforms.
The outcome of this advanced and cutting-edge research is continuously provided to the Onapsis \
Consulting and Development teams, improving the quality of our solutions and enabling our \
customers to be protected from the latest risks to their critical business information.
Furthermore, the results of this research projects are usually shared with the general security \
and professional community, encouraging the sharing of information and increasing the common \
knowledge in this field.
About Onapsis
=============
Onapsis is the leading provider of solutions for the security of ERP and business-critical \
systems and applications. Through different innovative products and services, Onapsis helps its \
global customers to effectively increase the security level of their core business platforms, \
protecting their information and decreasing financial fraud risks.
Onapsis is built upon a team of world-renowned experts in the SAP security field, with several \
years of experience in the assessment and protection of critical platforms in world-wide \
customers, such as Fortune-500 companies and governmental entities.
Our star product, Onapsis X1, enables our customers to perform automated Security & Compliance \
Audits, Vulnerability Assessments and Penetration Tests over their SAP platform, helping them \
enforce compliance requirements, decrease financial fraud risks an reduce audit costs \
drastically.
Some of our featured services include SAP Penetration Testing, SAP Gateway & RFC security, SAP \
Enterprise Portal security assessment, Security Support for SAP Implementations and Upgrades, \
SAP System Hardening and SAP Technical Security Audits.
For further information about our solutions, please contact us at info@onapsis.com and visit \
our website at www.onapsis.com.
Copyright (c) 2010 Onapsis SRL. All rights reserved.
This advisory may be distributed as long as its distribution is free-of-charge and proper \
credit is given.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkyjnVEACgkQz3i6WNVBcDXdTgCeNg9or+Pc3nP/tt8QlwIf2m37
6J4An3M/Kzb6TdxH2DeDDwHvy6x965GC
=mIOL
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic