lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <55660CAC.5090808@onapsis.com>
Date: Wed, 27 May 2015 15:27:56 -0300
From: Onapsis Research Labs <research@...psis.com>
To: bugtraq <bugtraq@...urityfocus.com>, 
	"fulldisclosure@...lists.org" <fulldisclosure@...lists.org>,
	submissions@...ketstormsecurity.org, pen-test@...urityfocus.com, 
	bugs@...uritytracker.com
Subject: [FD] [Onapsis Security Advisory 2015-006] SAP HANA Information
 Disclosure via SQL IMPORT FROM statement

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory ONAPSIS-2015-006: SAP HANA Information
Disclosure via SQL IMPORT FROM statement


1. Impact on Business
=====================

Under certain conditions some SAP HANA Database commands could be
abused by a remote authenticated attacker to access information which
is restricted.
This could be used to gain access to confidential information.

Risk Level: Medium


2. Advisory Information
=======================

- - Public Release Date: 2015-05-27
- - Subscriber Notification Date: 2015-05-27
- - Last Revised: 2015-05-27
- - Security Advisory ID: ONAPSIS-2015006
- - Onapsis SVS ID: ONAPSIS-00142
- - CVE: CVE-2015-3995
- - Researcher: Sergio Abraham, Fernando Russ, Nahuel D. Sánchez
- - Initial Base CVSS v2:  4 (AV:N/AC:L/Au:S/C:P/I:N/A:N)


3. Vulnerability Information
============================

- - Vendor:  SAP A.G.
- - Affected Components: SAP HANA DB 1.00.73.00.389160 (NewDB100_REL)
- - Vulnerability Class: Improper Access Control (CWE-284)
- - Remotely Exploitable: Yes
- - Locally Exploitable: No
- - Authentication Required: Yes
- - Original Advisory:
http://www.onapsis.com/research/security-advisories/SAP-HANA-information
- -disclosure-via-SQL-import-from-statement



4. Affected Components Description
==================================

SAP HANA is a platform for real-time business. It combines database,
data processing, and application platform capabilities in-memory. The
platform provides libraries for predictive, planning, text processing,
spatial, and business analytics.


5. Vulnerability Details
========================

A remote authenticated attacker, could access confidential information
using specially crafted SQL statement which leads him to read
arbitrary files from the OS through the database command READ FILE
IMPORT available to be performed inside any SQL query.


6. Solution
===========

Implement SAP Security Note 2109565


7. Report Timeline
==================

2014-10-18: Onapsis provides vulnerability information to SAP AG.
2014-10-19: SAP AG confirms having the information about the
vulnerability.
2015-01-13: SAP AG publishes security note 2109565 which fixes the
problem.
2015-05-27: Onapsis publishes security advisory.


About Onapsis Research Labs
===========================

Onapsis Research Labs provides the industry analysis of key security
issues that impact business-critical systems and applications.
Delivering frequent and timely security and compliance advisories with
associated risk levels, Onapsis Research Labs combine in-depth
knowledge and experience to deliver technical and business-context
with sound security judgment to the broader information security
community.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Onapsis Research Team

iEYEARECAAYFAlVmDKgACgkQz3i6WNVBcDV+XgCeKE+ulvXCD/nuU4YshckzsSVd
6VsAoIAI/HV7lNQ+KyL52ssSBe2D+Zln
=/P7V
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ