Details on vulnerabilities in SAP products
Security service provider NGSSoftware has published details of several vulnerabilities in SAP software products, which could be used by attackers, possibly even to gain control over servers and clients. Patches for all of these security bugs were provided three months ago. NGSSoftware releases its security advisories with a delay of three months to grant administrators sufficient time to test and install updates. Those who have not installed these updates yet, are advised to do so a.s.a.p., since publishing details on these flaws will also increase the risk of public exploits.
For instance, NGSSoftware has detected numerous bugs in the ActiveX controls installed with EnjoySAP, including buffer overflows and opportunities to create files on the affected system, although apparently not to write content into these files. EnjoySAP is a graphical user interface for SAP applications. It is about 500 MB in size and contains more than 1100 ActiveX controls.
Another hole was discovered in the web interface (WAHTTP.exe) of the SAP database; remote attackers could cause a buffer overflow by simply sending a malformed HTTP packet to the server listening on port 9999.
The SAP Message Server can also be confused by oversized HTTP requests, causing a buffer overflow and subsequent crash of the server. This hole could also be used for remote code injection and execution. According to the advisory, the bug resides in the script msgserver/html/group.
- High Risk Vulnerability in EnjoySAP (Stack Overflow), advisory by NGSSoftware
- Critical Risk Vulnerability in SAP DB Web Server (Stack Overflow), advisory by NGSSoftware
- Critical Risk Vulnerability in SAP Message Server (Heap Overflow), advisory by NGSSoftware
(mba)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
