Message-ID: <CANHWe905yZoak7428zBg=jeyKzXRmJSCt-g5On5BEauWqtsK8Q@mail.gmail.com>
Date: Thu, 13 Aug 2015 11:56:17 +0300
From: ERPScan inc <erpscan.online@...il.com>
To: fulldisclosure@...lists.org, submissions@...ketstormsecurity.com
Subject: [FD] SAP Security Notes August 2015

SAP <http://www.sap.com/> has released
<http://scn.sap.com/community/security/blog/2015/08/11/sap-security-patch-day-summary--august-2015> the
monthly critical patch update for August 2015. This patch update closes 22
vulnerabilities in SAP products; 15 have high priority, and some of them belong
to the SAP HANA security area. The most common vulnerability type is Cross-Site
Scripting (XSS). This month, three critical vulnerabilities found by
ERPScan researchers Dmitry Chastuhin, Vahagn Vardanyan, and Roman Bejan were
closed.


*Issues that were patched with the help of ERPScan*


Below are the details of SAP vulnerabilities that were found by ERPScan
<http://www.erpscan.com/> researchers.



   - An XML eXternal Entity vulnerability in SAP Mobile Platform 2.3 (CVSS
   Base Score: 4.9). Update is available in SAP Security Note 2152227
   <https://service.sap.com/sap/support/notes/2152227>. An attacker can use
   XML eXternal Entities to send specially crafted unauthorized XML requests,
   which will be processed by the XML parser. The attacker will get
   unauthorized access to the OS file system.
   - An XML eXternal Entity vulnerability in SAP NetWeaver Portal (CVSS
   Base Score: 4.9). Update is available in SAP Security Note 2168485
   <https://service.sap.com/sap/support/notes/2168485>. An attacker can use
   XML eXternal Entities to send specially crafted unauthorized XML requests,
   which will be processed by the XML parser. The attacker will get
   unauthorized access to the OS file system.
   - An XSS vulnerability in SAP Afaria 7 (CVSS Base Score: 4.3). Update is
   available in SAP Security Note 2152669
   <https://service.sap.com/sap/support/notes/2152669>. An attacker can
   modify displayed application content without authorization and steal
   authentication data (cookie).
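
The XXE class described in the first two items is closed on the parser side by refusing DTDs in request XML, since external entities can only be declared there. An added sketch, not from the original post and not SAP's fix: Python's expat stands in for the affected parsers, and the function names and sample documents are constructed.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """The document uses a DTD, which this service never needs."""


def parse_untrusted(xml_bytes: bytes) -> ET.Element:
    """Parse request XML, refusing any document that carries a DOCTYPE.

    External entities can only be declared inside a DTD, so rejecting the
    DOCTYPE declaration removes the XXE file-read path before any entity
    is defined or resolved.
    """
    builder = ET.TreeBuilder()
    parser = xml.parsers.expat.ParserCreate()

    def reject_doctype(name, system_id, public_id, has_internal_subset):
        raise ForbiddenXML(f"DOCTYPE {name!r} not allowed in request XML")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(xml_bytes, True)
    return builder.close()


# Constructed sample requests (not taken from any SAP product).
BENIGN = b"<order><id>42</id></order>"
WITH_DTD = (
    b'<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///placeholder">]>'
    b"<order><id>&ext;</id></order>"
)


def verdict(xml_bytes: bytes) -> str:
    """Classify a request body the way a front-end gate would log it."""
    try:
        parse_untrusted(xml_bytes)
        return "accepted"
    except ForbiddenXML:
        return "rejected: DTD present"
    except xml.parsers.expat.ExpatError:
        return "rejected: malformed"


if __name__ == "__main__":
    for sample in (BENIGN, WITH_DTD, b"<order>"):
        print(verdict(sample))
```
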


*The most critical issues found by other researchers*


Some of our readers and clients asked us to categorize the most critical
SAP vulnerabilities so that they can be patched first. Companies providing SAP Security
Audit, SAP Security Assessment, or SAP Penetration Testing services can
include these vulnerabilities in their checklists. The most critical
vulnerabilities of this update can be patched by the following SAP Security
Notes:



   - 2037304 <https://service.sap.com/sap/support/notes/2037304>: SAP ST-P
   has a Remote Command Execution vulnerability (CVSS Base Score: 8.5). An
   attacker can use Remote Command Execution to run commands remotely.
   Executed commands will run with the privileges of the service that executes
   them. An attacker can access arbitrary files and directories located in an
   SAP server filesystem, including application source code, configuration,
   and critical system files. It allows obtaining critical technical and
   business-related information stored in the vulnerable SAP system. It is
   recommended to install this SAP Security Note to prevent risks.
   - 2169391 <https://service.sap.com/sap/support/notes/2169391>: SAP
   NetWeaver AFP Servlet has a Reflected File Download vulnerability (CVSS
   Base Score: 7.5). Reflected File Download (RFD) is a web attack vector
   that enables attackers to gain complete control over a victim's machine. In
   an RFD attack, the user follows a malicious link to a trusted domain
   resulting in a file download from that domain. It is recommended to install
   this SAP Security Note to prevent risks.
   - 2175928 <https://service.sap.com/sap/support/notes/2175928>: SAP HANA
   has a Running Process Remote Termination vulnerability (CVSS Base Score:
   6.8). An attacker can use this vulnerability to terminate the process of
   a vulnerable component. Nobody will be able to use this service, which
   causes system downtime and harms business processes and business
   reputation. It is recommended to install this SAP Security Note to prevent
   risks.
   - 2165583 <https://service.sap.com/sap/support/notes/2165583>: SAP HANA
   has an incorrect system configuration vulnerability (CVSS Base Score: 6.6).
   SAP HANA internal services could be accessed without authentication if the
   HANA system is insecurely configured and no other security measures are in
   place. This could endanger system availability, data confidentiality and
   integrity. It is recommended to install this SAP Security Note to prevent
   risks.


It is highly recommended to patch all of these SAP vulnerabilities to prevent
business risks affecting your SAP systems.


SAP has traditionally thanked the security researchers from ERPScan for
the vulnerabilities they found on its acknowledgment page
<http://scn.sap.com/docs/DOC-8218>.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
