what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

CYBSEC-SAPIGSBO.txt

CYBSEC-SAPIGSBO.txt
Posted Aug 27, 2006
Authored by Mariano Nunez Di Croce | Site cybsec.com

CYBSEC Security Advisory - The SAP Internet Graphics Service (IGS) suffers from a buffer overflow condition.

tags | advisory, overflow
SHA-256 | 823b0b5aa7b72a6a392e4e6d2319704ca685d846f6cec087d50131209bfffdf8

CYBSEC-SAPIGSBO.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(The following advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Buffer_Overflow.pdf )


CYBSEC S.A.
www.cybsec.com

Pre-Advisory Name: SAP Internet Graphics Service (IGS) Remote Buffer Overflow
==================

Vulnerability Class: Buffer Overflow
====================

Release Date: 08/10/2006
=============

Affected Applications:
======================
* SAP IGS 6.40 Patchlevel <= 15
* SAP IGS 7.00 Patchlevel <= 3

Affected Platforms:
===================
* AIX 64 bits
* HP-UX on IA64 64bit
* HP-UX on PA-RISC 64bit
* Linux on IA32 32bit
* Linux on IA64 64bit
* Linux on Power 64bit
* Linux on x86_64 64bit
* Linux on zSeries 64bit
* OS/400 V5R2M0
* Solaris on SPARC 64bit
* TRU64 64bit
* Windows Server on IA32 32bit
* Windows Server on IA64 64bit
* Windows Server on x64 64bit

Local / Remote: Remote
===============

Severity: High
=========

Author: Mariano Nuñez Di Croce
=======

Vendor Status:
==============
* Confirmed, update released.

Reference to Vulnerability Disclosure Policy:
=============================================
http://www.cybsec.com/vulnerability_policy.pdf

Product Overview:
==================
"The IGS provides a server architecture where data from an SAP System or other sources can be used to generate graphical or non-graphical output."

It is important to note that IGS is installed and activated by default with the Web Application Server (versions >= 6.30)

Vulnerability Description:
==========================
A specially crafted HTTP request can trigger a remote buffer overflow in SAP IGS service.

Technical Details:
==================
Technical details will be released three months after publication of this pre-advisory. This was agreed upon with SAP to allow their customers to upgrade affected software prior to technical knowledge
been publicly available.

Impact:
=======
Under UNIX systems, successful exploitation of this vulnerability may allow an attacker to execute remote code with the privileges of the SAP System Administrator account (<SID>adm), allowing him to
take full control of the SAP system installation.

Under Microsoft Windows systems, successful exploitation of this vulnerability may allow an attacker to execute remote code with the privileges of the LocalSystem account, allowing him to take full
control of the entire system.

Solutions:
==========
SAP has released patches to address this vulnerability. Affected customers should apply the patches immediately.
More information can be found on SAP Note 968423.

Vendor Response:
================
* 06/02/2006: Initial Vendor Contact.
* 06/09/2006: Vendor Confirmed Vulnerability.
* 07/03/2006: Vendor Releases Update for version 6.40.
* 07/13/2006: Vendor Releases Update for version 7.00.
* 08/10/2006: Pre-Advisory Public Disclosure.

Special Thanks:
===============
Thanks goes to Carlos Diaz and Victor Montero.

Contact Information:
====================
For more information regarding the vulnerability feel free to contact the author at mnunez {at} cybsec.com. Please bear in mind that technical details will be disclosed to the general public three
months after the release of this pre-advisory.


For more information regarding CYBSEC: www.cybsec.com
(c) 2006 - CYBSEC S.A. Security Systems
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFE238qbbZGNCayCJkRAo7tAKCuqbSWHOUUFAHMgBAcXR/3wXbqoQCeKBB0
IEeyVuvLCp/C8Lg+h8ZamYs=
=2Zg6
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close