lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4bc76090-718b-5d3e-f0aa-74e9642f413a@baribault.com>
Date: Fri, 19 Aug 2016 10:59:29 -0400
From: Gary Baribault <gary@...ibault.com>
To: fulldisclosure@...lists.org
Subject: Re: [FD] Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX
 Arbitrary file write

Hey Onapsis, you are copying and pasting a timeline with errors in it.

Gary B

On 19/08/16 10:53 AM, Onapsis Research wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write
>
> 1. Impact on Business
> =====================
> By exploiting this vulnerability an unauthenticated attacker could
> modify any information indexed by the SAP system.
>
> Risk Level: High
>
> 2. Advisory Information
> =======================
> - - Public Release Date: 07/20/2016
> - - Last Revised: 07/20/2016
> - - Security Advisory ID: ONAPSIS-2016-022
> - - Onapsis SVS ID: ONAPSIS-00180
> - - CVE: CVE-2016-6140
> - - Researcher: Juan Pablo Perez Etchegoyen and Sergio Abraham
> - - Vendor Provided CVSS v2: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
> - - Onapsis CVSS v2: 7.1 (AV:N/AC:M/Au:N/C:C/I:N/A:N)
> - - Onapsis CVSS v3: 6.8 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
>
>
> 3. Vulnerability Information
> ============================
> - - Vendor:  SAP AG
> - - Affected Components: SAP TREX 7.10 – Revision 63
> - - Vulnerability Class: Improper Access Control (CWE-284)
> - - Remotely Exploitable: Yes
> - - Locally Exploitable: No
> - - Authentication Required: No
> - - Original Advisory:
> http://onapsis.com/research/security-advisories/sap-trex-arbitrary-file-write
>
>
> 4. Affected Components Description
> ==================================
> According to SAP “The TREX servers (name server, queue server, index
> server, preprocessor, and TREX Web servers) communicate with each
> other using TREXNet. TREXNet is a communication protocol developed for
> TREX-internal communication. Like HTTP/HTTPS, it is based on TCP/IP”1.
>
> 5. Vulnerability Details
> ========================
> A specific function allows a non-authenticated attacker to remotely
> write arbitrary files to TREX server.
>
> 6. Solution
> ===========
> Implement SAP Security Note 2203591.
>
> 7. Report Timeline
> ==================
> - - 03/21/2015: Onapsis provides vulnerability information to SAP AG.
> - - 04/14/2014: SAP reports fix is In Process.
> - - 10/13/2015: SAP releases SAP Security Note 2203591 fixing the vulnerability.
> - - 07/20/2016: Onapsis Releases Security Advisory.
>
> About Onapsis Research Labs
> ===========================
> Onapsis Research Labs provides the industry analysis of key security
> issues that impact business-critical systems and applications.
> Delivering frequent and timely security and compliance advisories with
> associated risk levels, Onapsis Research Labs combine in-depth
> knowledge and experience to deliver technical and business-context
> with sound security judgment to the broader information security
> community.
>
> About Onapsis, Inc.
> ===================
> Onapsis provides the most comprehensive solutions for securing SAP and
> Oracle enterprise applications. As the leading experts in SAP and
> Oracle cyber-security, Onapsis’ enables security and audit teams to
> have visibility, confidence and control of advanced threats,
> cyber-risks and compliance gaps affecting their enterprise
> applications.
>
> Headquartered in Boston, Onapsis serves over 180 Global 2000
> customers, including 10 top retailers, 20 top energy firms and 20 top
> manufacturers. Onapsis’ solutions are also the de-facto standard for
> leading consulting and audit firms such as Accenture, IBM, Deloitte,
> E&Y, KPMG and PwC.
>
> Onapsis solutions include the Onapsis Security Platform, which is the
> most widely-used SAP-certified cyber-security solution in the market.
> Unlike generic security products, Onapsis’ context-aware solutions
> deliver both preventative vulnerability and compliance controls, as
> well as real-time detection and incident response capabilities to
> reduce risks affecting critical business processes and data. Through
> open interfaces, the platform can be integrated with leading SIEM, GRC
> and network security products, seamlessly incorporating enterprise
> applications into existing vulnerability, risk and incident response
> management programs.
>
> These solutions are powered by the Onapsis Research Labs which
> continuously provide leading intelligence on security threats
> affecting SAP and Oracle enterprise applications. Experts of the
> Onapsis Research Labs were the first to lecture on SAP cyber-attacks
> and have uncovered and helped fix hundreds of security vulnerabilities
> to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP
> Mobile applications, as well as Oracle JD Edwards and Oracle
> E-Business Suite platforms.
>
> For more information, please visit www.onapsis.com, or connect with us
> on Twitter, Google+, or LinkedIn.
>
> 1- http://help.sap.com/saphelp_nw70/helpdata/en/40/98479c3d8148b9e10000000a114cbd/content.htm
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: Mailvelope v1.5.1
> Comment: https://www.mailvelope.com
>
> wkYEAREIABAFAle3HP0JEM94uljVQXA1AAChOQCghGJH2Oaoudj4VLDMj2tT
> sT8seX4An3V+04s9zMG+g9LMDq4aaPZ9QbZO
> =/bDL
> -----END PGP SIGNATURE-----
>


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ