Message-ID: <4bc76090-718b-5d3e-f0aa-74e9642f413a@baribault.com>
Date: Fri, 19 Aug 2016 10:59:29 -0400
From: Gary Baribault <gary@...ibault.com>
To: fulldisclosure@...lists.org
Subject: Re: [FD] Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write

Hey Onapsis, you are copying and pasting a timeline with errors in it.

Gary B

On 19/08/16 10:53 AM, Onapsis Research wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Onapsis Security Advisory ONAPSIS-2016-022: SAP TREX Arbitrary file write
>
> 1. Impact on Business
> =====================
> By exploiting this vulnerability an unauthenticated attacker could
> modify any information indexed by the SAP system.
>
> Risk Level: High
>
> 2. Advisory Information
> =======================
> - - Public Release Date: 07/20/2016
> - - Last Revised: 07/20/2016
> - - Security Advisory ID: ONAPSIS-2016-022
> - - Onapsis SVS ID: ONAPSIS-00180
> - - CVE: CVE-2016-6140
> - - Researcher: Juan Pablo Perez Etchegoyen and Sergio Abraham
> - - Vendor Provided CVSS v2: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
> - - Onapsis CVSS v2: 7.1 (AV:N/AC:M/Au:N/C:C/I:N/A:N)
> - - Onapsis CVSS v3: 6.8 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
>
>
> 3. Vulnerability Information
> ============================
> - - Vendor: SAP AG
> - - Affected Components: SAP TREX 7.10 – Revision 63
> - - Vulnerability Class: Improper Access Control (CWE-284)
> - - Remotely Exploitable: Yes
> - - Locally Exploitable: No
> - - Authentication Required: No
> - - Original Advisory:
> http://onapsis.com/research/security-advisories/sap-trex-arbitrary-file-write
>
>
> 4. Affected Components Description
> ==================================
> According to SAP “The TREX servers (name server, queue server, index
> server, preprocessor, and TREX Web servers) communicate with each
> other using TREXNet. TREXNet is a communication protocol developed for
> TREX-internal communication. Like HTTP/HTTPS, it is based on TCP/IP”1.
>
> 5. Vulnerability Details
> ========================
> A specific function allows a non-authenticated attacker to remotely
> write arbitrary files to TREX server.
>
> 6. Solution
> ===========
> Implement SAP Security Note 2203591.
>
> 7. Report Timeline
> ==================
> - - 03/21/2015: Onapsis provides vulnerability information to SAP AG.
> - - 04/14/2014: SAP reports fix is In Process.
> - - 10/13/2015: SAP releases SAP Security Note 2203591 fixing the vulnerability.
> - - 07/20/2016: Onapsis Releases Security Advisory.
>
> About Onapsis Research Labs
> ===========================
> Onapsis Research Labs provides the industry analysis of key security
> issues that impact business-critical systems and applications.
> Delivering frequent and timely security and compliance advisories with
> associated risk levels, Onapsis Research Labs combine in-depth
> knowledge and experience to deliver technical and business-context
> with sound security judgment to the broader information security
> community.
>
> About Onapsis, Inc.
> ===================
> Onapsis provides the most comprehensive solutions for securing SAP and
> Oracle enterprise applications. As the leading experts in SAP and
> Oracle cyber-security, Onapsis’ enables security and audit teams to
> have visibility, confidence and control of advanced threats,
> cyber-risks and compliance gaps affecting their enterprise
> applications.
>
> Headquartered in Boston, Onapsis serves over 180 Global 2000
> customers, including 10 top retailers, 20 top energy firms and 20 top
> manufacturers. Onapsis’ solutions are also the de-facto standard for
> leading consulting and audit firms such as Accenture, IBM, Deloitte,
> E&Y, KPMG and PwC.
>
> Onapsis solutions include the Onapsis Security Platform, which is the
> most widely-used SAP-certified cyber-security solution in the market.
> Unlike generic security products, Onapsis’ context-aware solutions
> deliver both preventative vulnerability and compliance controls, as
> well as real-time detection and incident response capabilities to
> reduce risks affecting critical business processes and data. Through
> open interfaces, the platform can be integrated with leading SIEM, GRC
> and network security products, seamlessly incorporating enterprise
> applications into existing vulnerability, risk and incident response
> management programs.
>
> These solutions are powered by the Onapsis Research Labs which
> continuously provide leading intelligence on security threats
> affecting SAP and Oracle enterprise applications. Experts of the
> Onapsis Research Labs were the first to lecture on SAP cyber-attacks
> and have uncovered and helped fix hundreds of security vulnerabilities
> to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP
> Mobile applications, as well as Oracle JD Edwards and Oracle
> E-Business Suite platforms.
>
> For more information, please visit www.onapsis.com, or connect with us
> on Twitter, Google+, or LinkedIn.
>
> 1- http://help.sap.com/saphelp_nw70/helpdata/en/40/98479c3d8148b9e10000000a114cbd/content.htm
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: Mailvelope v1.5.1
> Comment: https://www.mailvelope.com
>
> wkYEAREIABAFAle3HP0JEM94uljVQXA1AAChOQCghGJH2Oaoudj4VLDMj2tT
> sT8seX4An3V+04s9zMG+g9LMDq4aaPZ9QbZO
> =/bDL
> -----END PGP SIGNATURE-----
> _______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/