exploit the possibilities

SAP Business Objects Memory Corruption

SAP Business Objects Memory Corruption
Posted Sep 23, 2015
Authored by Will Vandevanter | Site onapsis.com

Onapsis Security Advisory - SAP Business Objects suffers from a memory corruption vulnerability. By exploiting this vulnerability an unauthenticated attacker could read or write any business-relevant information from the Business Intelligence Platform and also render the system unavailable to other users.

tags | advisory
MD5 | 9c3b4413424aa1583e56b36cff3401d7

SAP Business Objects Memory Corruption

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2015-013: SAP Business Objects Memory Corruption

1. Impact on Business
=====================

By exploiting this vulnerability an unauthenticated attacker could read or
write
any business-relevant information from the Business Intelligence Platform
and also
render the system unavailable to other users.

Risk Level: High


2. Advisory Information
=======================

* Public Release Date: 09/22/2015
* Last Revised: 09/22/2015
* Security Advisory ID: ONAPSIS-2015-013
* Onapsis SVS ID: ONAPSIS-00105
* CVE: N/A
* Researcher: Will Vandevanter
* Vendor Provided CVSS v2: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
* Onapsis CVSS v2: 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C)
* Onapsis CVSS v3: 8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)


3. Vulnerability Information
============================
* Vendor: SAP AG
* Affected Components:
* BussinessObjects Edge 4.0
* BussinessObjects BI Platform 4.1
* BOXI 3.1 R3

* Vulnerability Class: Buffer Copy without Checking Size of Input (CWE-120)
* Remotely Exploitable: Yes
* Locally Exploitable: No
* Authentication Required: No
* Original Advisory:
http://www.onapsis.com/research/security-advisories/SAP-Business-Objects-Memory-Corruption


4. Affected Components Description
==================================

Business Objects is part of the Business Intelligence platform from SAP.
It has components that provide performance management, planning, reporting,
query and analysis and enterprise information management.

Every Business Objects installation provides a web service to interact with
different platform services.

5. Vulnerability Details
========================

A mishandling of a malformed GIOP packet causes the remote listener to
crash while reading from invalid memory.


6. Solution
===========

Implement SAP Security Note 2001108.


7. Report Timeline
==================

12/23/2013: Onapsis provides vulnerability information to SAP AG.
12/24/2013: SAP AG confirms reception of vulnerability report.
01/14/2014: SAP reports fix is In Process.
05/12/2015: SAP releases SAP Security Note 2001108 fixing the vulnerability.
09/22/2015: Onapsis Releases Security Advisory.


About Onapsis Research Labs
===========================
Onapsis Research Labs provides the industry analysis of key security issues
that impact business-critical
systems and applications. Delivering frequent and timely security and
compliance advisories with associated
risk levels, Onapsis Research Labs combine in-depth knowledge and
experience to deliver technical and
business-context with sound security judgment to the broader information
security community.


About Onapsis, Inc.
===================

Onapsis gives organizations the adaptive advantage to succeed in securing
business-critical applications
by combining technology, research and analytics. Onapsis enables every
security and compliance team an
adaptive approach to focus on the factors that matter most to their
business– critical applications
that house vital data and run business processes including SAP Business
Suite, SAP HANA and SAP Mobile deployments.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Onapsis Research Team

iEYEARECAAYFAlYBXocACgkQz3i6WNVBcDWzQACfXNTkrGnjNw3VAS9NMlHfrE8u
ZCYAn3KgsLS4ilR5Yy9a5tGj3khotWmE
=tuOy
-----END PGP SIGNATURE-----


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    14 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close