exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

SAP XRFC 6.40 / 7.00 Stack Overflow

SAP XRFC 6.40 / 7.00 Stack Overflow
Posted Nov 17, 2010
Authored by Alexey Sintsov

SAP XRFC version 6.40 and 7.00 suffers from a stack overflow vulnerability.

tags | advisory, overflow
SHA-256 | 9b8e7b9a5adb907ede97829d87b64a1087018e9595e7e83781a56c9d2180bf3a

SAP XRFC 6.40 / 7.00 Stack Overflow

Change Mirror Download
Digital Security Research Group [DSecRG] Advisory [DSECRG-10-205]
Internal #DSECRG-00144


Application: SAP BASIS
Versions Affected: SAP XRFC 6.40/7.00 may be others
Vendor URL: http://SAP.com
Bug: Stack Overflow
Exploits: YES (DoS PoC)
Reported: 29.03.2010
Vendor response: 29.03.2010
Solution: YES
Date of Public Advisory: 09.11.2010
Authors: Alexey Sintsov of Digital Security Research Group [DSecRG]



Description
***********

It is possible to make stack overflow condition via RFC SOAP request. In
common case
disp+work.exe (for windows version) will be restarted. If here will be
regular SOAP requests
than it's DoS. May be it's code execution possible.


Details
*******

Error present in XML parser, when it try to process tags from RFC SOAP
request.
Big count of inserted tag in tag causes a Stack Overflow condition.
User must be authenticated for this attack, but it's some default accounts:
EARLYWATCH, SAPCPIC, TMSADM, that can get access to SOAP interface.

Example
*******

http://dsecrg.com/pages/vul/show.php?id=205

References
**********

http://dsecrg.com/pages/vul/show.php?id=205
http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a
https://service.sap.com/sap/support/notes/1469549




Fix Information
***************

Solution for this issue given in security note 1469549




About
*****

Digital Security is one of the leading IT security companies in CEMEA,
providing information security consulting, audit and penetration
testing services, ERP and SAP security assessment, certification for ISO/IEC
27001:2005 and PCI DSS and PA DSS standards.
Digital Security Research Group focuses on enterprise application (ERP) and
database
security problems with vulnerability reports, advisories and whitepapers
posted regularly on our website.

Contact: research [at] dsecrg [dot]com
http://www.dsecrg.com
http://www.erpscan.com
Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    0 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close