nSense Vulnerability Research Security Advisory NSENSE-2010-004
---------------------------------------------------------------

Affected Vendor:  SAP
Affected Product: Sybase Afaria 6.0
Platform:         Windows
Impact:           User assisted code execution via CSRF
Vendor response:  Patch
CVE:              None
Credit:           Knud

Technical details
---------------------------------------------------------------

"Afaria is the industry's most powerful and flexible mobile device management and security solution for the enterprise. Afaria provides you with a single administrative console to centrally manage, secure and deploy mobile data, applications and devices"

The web management interface does not validate the origin of administrator requests and is therefore vulnerable to Cross Site Request Forgery. Successful exploitation may allow an attacker to execute code on the target system via custom malicious event handlers utilizing UNC paths.

Proof of concept:

http:///AfariaAdmin/WebForms/ErrorHandler.aspx?msg=csrf&ReloadLink=False

Solution
---------------------------------------------------------------

* Afaria 6.0 Service Pack 1 Hot Fix 28 (Administrator Only)
  http://frontline.sybase.com/support/fileDownload.aspx?ID=2133
  Release Notes
  http://frontline.sybase.com/support/downloads/Afaria/6_0_SP1/60Sp1AfariaFx28/60Sp1AfariaFx28.htm

* Afaria 6.5 (there are two parts to Afaria 6.5 Hot Fix 55)
  Server
  http://frontline.sybase.com/support/fileDownload.aspx?ID=2142
  Administrator
  http://frontline.sybase.com/support/fileDownload.aspx?ID=2143
  Release Notes
  http://frontline.sybase.com/support/downloads/Afaria/6_5/65AfariaFx55/65AfariaFx55Admin/65AfariaFx55.htm

Timeline:

August 21st     Contacted vendor PSIRT
September 2nd   Vendor responded. Patch confirmed
September 2nd   Inquired patch release date
September 2nd   Vendor responded. No release date yet available.
September 22nd  Status update request sent to vendor
September 23rd  Vendor responded. No release date available.
October 6th     Status update request sent to vendor
October 7th     Vendor responded. The patch had already been released
October 7th     Inquired vendor about attribution
October 7th     Vendor responded. Research page under construction.
November 9th    Vendor inquired about attribution details
November 9th    Attribution details sent to vendor
November 10th   Vendor responded.
December 20th   Advisory published

Links:

http://www.sdn.sap.com/irj/sdn/index?rid=/webcontent/uuid/c05604f6-4eb3-2d10-eea7-ceb666083a6a
http://www.nsense.fi
http://www.nsense.dk
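The missing check described under Technical details, as an added defensive example (not code from nSense or from the Afaria product): a server-side gate for an administrative console that rejects requests whose browser-supplied Origin/Referer does not match the console's own origin and that do not echo the per-session anti-CSRF token. The console host name, the header dictionaries and the token values are constructed for illustration.

```python
import hmac
from typing import Optional
from urllib.parse import urlsplit

# Origin of the administrative console; constructed example value.
ADMIN_ORIGIN = "https://afaria-admin.example.internal"


def request_origin(headers: dict) -> Optional[str]:
    """Return scheme://host[:port] of the page that issued the request.

    Browsers set Origin (and, as a fallback, Referer) themselves; page
    script on a third-party site cannot override them, so a forged
    cross-site request to the console carries that site's origin.
    """
    origin = headers.get("Origin")
    if origin and origin != "null":
        return origin
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def is_allowed_admin_request(headers: dict, session_token: Optional[str],
                             submitted_token: Optional[str]) -> bool:
    """Gate for every console request that can change state (GET included,
    since the affected handler acted on a plain GET). Fail closed: a
    request with no origin information at all is treated as cross-site."""
    origin = request_origin(headers)
    if origin is None or origin.lower() != ADMIN_ORIGIN.lower():
        return False
    # Second, independent check: the per-session synchronizer token, which
    # a cross-site page cannot read, must be echoed back with the request.
    if not session_token or not submitted_token:
        return False
    return hmac.compare_digest(session_token, submitted_token)


# Constructed sample requests: one forged from a lure page, one genuine.
FORGED_HEADERS = {"Referer": "https://lure.example.net/page.html"}
GENUINE_HEADERS = {"Origin": ADMIN_ORIGIN,
                   "Referer": ADMIN_ORIGIN + "/AfariaAdmin/"}

if __name__ == "__main__":
    print(is_allowed_admin_request(FORGED_HEADERS, "tok-1", "tok-1"))   # False
    print(is_allowed_admin_request(GENUINE_HEADERS, "tok-1", "tok-1"))  # True
```

The origin comparison alone would have blocked the proof-of-concept request above; the token check covers clients that strip or omit both headers.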