[<prev] [next>] [day] [month] [year] [list]
Message-ID: <55660CAC.5090808@onapsis.com>
Date: Wed, 27 May 2015 15:27:56 -0300
From: Onapsis Research Labs <research@...psis.com>
To: bugtraq <bugtraq@...urityfocus.com>,
"fulldisclosure@...lists.org" <fulldisclosure@...lists.org>,
submissions@...ketstormsecurity.org, pen-test@...urityfocus.com,
bugs@...uritytracker.com
Subject: [FD] [Onapsis Security Advisory 2015-006] SAP HANA Information
Disclosure via SQL IMPORT FROM statement
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Onapsis Security Advisory ONAPSIS-2015-006: SAP HANA Information
Disclosure via SQL IMPORT FROM statement
1. Impact on Business
=====================
Under certain conditions some SAP HANA Database commands could be
abused by a remote authenticated attacker to access information which
is restricted.
This could be used to gain access to confidential information.
Risk Level: Medium
2. Advisory Information
=======================
- - Public Release Date: 2015-05-27
- - Subscriber Notification Date: 2015-05-27
- - Last Revised: 2015-05-27
- - Security Advisory ID: ONAPSIS-2015006
- - Onapsis SVS ID: ONAPSIS-00142
- - CVE: CVE-2015-3995
- - Researcher: Sergio Abraham, Fernando Russ, Nahuel D. Sánchez
- - Initial Base CVSS v2: 4 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
3. Vulnerability Information
============================
- - Vendor: SAP A.G.
- - Affected Components: SAP HANA DB 1.00.73.00.389160 (NewDB100_REL)
- - Vulnerability Class: Improper Access Control (CWE-284)
- - Remotely Exploitable: Yes
- - Locally Exploitable: No
- - Authentication Required: Yes
- - Original Advisory:
http://www.onapsis.com/research/security-advisories/SAP-HANA-information
- -disclosure-via-SQL-import-from-statement
4. Affected Components Description
==================================
SAP HANA is a platform for real-time business. It combines database,
data processing, and application platform capabilities in-memory. The
platform provides libraries for predictive, planning, text processing,
spatial, and business analytics.
5. Vulnerability Details
========================
A remote authenticated attacker, could access confidential information
using specially crafted SQL statement which leads him to read
arbitrary files from the OS through the database command READ FILE
IMPORT available to be performed inside any SQL query.
6. Solution
===========
Implement SAP Security Note 2109565
7. Report Timeline
==================
2014-10-18: Onapsis provides vulnerability information to SAP AG.
2014-10-19: SAP AG confirms having the information about the
vulnerability.
2015-01-13: SAP AG publishes security note 2109565 which fixes the
problem.
2015-05-27: Onapsis publishes security advisory.
About Onapsis Research Labs
===========================
Onapsis Research Labs provides the industry analysis of key security
issues that impact business-critical systems and applications.
Delivering frequent and timely security and compliance advisories with
associated risk levels, Onapsis Research Labs combine in-depth
knowledge and experience to deliver technical and business-context
with sound security judgment to the broader information security
community.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Onapsis Research Team
iEYEARECAAYFAlVmDKgACgkQz3i6WNVBcDV+XgCeKE+ulvXCD/nuU4YshckzsSVd
6VsAoIAI/HV7lNQ+KyL52ssSBe2D+Zln
=/P7V
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists