lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <55660CB5.5030801@onapsis.com>
Date: Wed, 27 May 2015 15:28:05 -0300
From: Onapsis Research Labs <research@...psis.com>
To: bugtraq <bugtraq@...urityfocus.com>,
	"fulldisclosure@...lists.org" <fulldisclosure@...lists.org>,
	submissions@...ketstormsecurity.org, pen-test@...urityfocus.com,
	bugs@...uritytracker.com
Subject: [FD] [Onapsis Security Advisory 2015-007] SAP HANA Log Injection
	Vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security AdvisoryONAPSIS-2015-007: SAP HANA Log Injection
Vulnerability

1. Impact on Business
=====================

Under certain conditions the SAP HANA XS engine is vulnerable to
arbitrary log
injection, allowing remote authenticated attackers to write arbitrary
information in log files.
This could be used to corrupt log files or add fake content misleading
an administrator.

Risk Level: Medium

2. Advisory Information
=======================

- - Public Release Date: 2015-05-27
- - Subscriber Notification Date: 2015-05-27
- - Last Revised: 2015-05-27
- - Security Advisory ID: ONAPSIS-2015-007
- - Onapsis SVS ID: ONAPSIS-00140
- - CVE: CVE-2015-3994
- - Researcher: Fernando Russ, Nahuel D. Sánchez
- - Initial Base CVSS v2:  4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N)


3. Vulnerability Information
============================

- - Vendor:  SAP A.G.
- - Affected Components: SAP HANA DB 1.00.73.00.389160 (NewDB100_REL)
- - Vulnerability Class: Improper Output Neutralization for Logs (CWE-117)
- - Remotely Exploitable: Yes
- - Locally Exploitable: No
- - Authentication Required: Yes
- - Original Advisory:
http://www.onapsis.com/research/security-advisories/SAP-HANA-log-injection-vulnerability-in-extended-application-services

4. Affected Components Description
==================================

SAP HANA is a platform for real-time business. It combines database,
data processing, and application platform capabilities in-memory. The
platform provides libraries for predictive, planning, text processing,
spatial, and business analytics.

5. Vulnerability Details
========================

Under certain conditions a remote authenticated attacker can inject log
lines performing specially crafted HTTP requests to the vulnerable SAP
HANA XS Engine.

The vulnerable application is “grant.xsfunc”, located under:

            /testApps/grantAccess/grant.xscfunc

6. Solution
===========

Implement SAP Security Note 2109818


7. Report Timeline
==================

2014-10-03: Onapsis provides vulnerability information to SAP AG.
2014-11-07: Onapsis provides additional information about the
vulnerability to SAP AG.
2015-01-26: Onapsis provides additional information about the
vulnerability to SAP AG.
2015-02-10: SAP AG publishes security note 2109818 which fixes the problem.
2015-05-27: Onapsis publishes security advisory.
Organizations depend on Onapsis because of our ability to provide
reliable expertise and solutions for securing business essentials


About Onapsis Research Labs
===========================

Onapsis Research Labs provides the industry analysis of key security
issues that impact business-critical systems and applications.
Delivering frequent and timely security and compliance advisories with
associated risk levels, Onapsis Research Labs combine in-depth knowledge
and experience to deliver technical and business-context with sound
security judgment to the broader information security community.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Onapsis Research Team

iEYEARECAAYFAlVmDLIACgkQz3i6WNVBcDUR4ACeK/opClwvxRdiTBODTGzuNT3T
mfQAoMb54pvOSeCMqeMjKokdsN/i8GNL
=JXst
-----END PGP SIGNATURE-----


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------



_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ