|
|
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigF8E57C8B38504CDDEDF52F15
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
(The following pre-advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf )
CYBSEC S.A.
www.cybsec.com
Pre-Advisory Name: SAP RFC_SET_REG_SERVER_PROPERTY RFC Function Denial Of Service
=================
Vulnerability Class: Denial Of Service
===================
Release Date: 2007-04-03
============
Affected Applications:
======================2E SAP RFC Library 6.40
=2E SAP RFC Library 7.00
Affected Platforms:
==================
=2E AIX 32bit
=2E AIX 64bit
=2E HP-UX on IA64 64bit
=2E HP-UX on PA-RISC 64bit
=2E Linux on IA32 32bit
=2E Linux on IA64 64bit
=2E Linux on Power 64bit
=2E Linux on x86_64 64bit
=2E Linux on zSeries 64bit
=2E Mac OS
=2E OS/400
=2E OS/400 V5R2M0
=2E Reliant 32bit
=2E Solaris on SPARC 32bit
=2E Solaris on SPARC 64bit
=2E Solaris on x64_64 64bit
=2E TRU64 64bit
=2E Windows Server on IA32 32bit
=2E Windows Server on IA64 64bit
=2E Windows Server on x64 64bit
=2E z/OS 32bit
Local / Remote: Remote
==============
Severity: Medium
========
Author: Mariano Nu=F1ez Di Croce
======
Vendor Status: Confirmed. Updates Released.
=============
Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf
============================================
Product Overview:
================
"The RFC Library offers an interface to a SAP System. The RFC Library is the most commonly used and installed component of existing SAP Software. This
interface provides the opportunity to call any RFC Function in a SAP System from an external application. Moreover, the RFC Library offers the
possibility to write a RFC Server Program, which is accessible from any SAP System or external application. Most SAP Connectors use the RFC Library as
communication platform to SAP Systems."
RFC_SET_REG_SERVER_PROPERTY RFC function is used to set properties of externally registered RFC servers. This function is installed by default in
every external RFC server.
Vulnerability Description:
=========================
This function allows defining the exclusive use of an external registered RFC server, denying access to other clients.
Technical Details:
=================
Technical details will be released three months after publication of this pre-advisory. This was agreed upon with SAP to allow their customers to
upgrade affected software prior to technical knowledge been publicly available.
Impact:
======
This vulnerability may allow an attacker to remotely prevent licit clients to connect with external RFC servers.
Solutions:
=========
SAP has released patches to address this vulnerability. Affected customers should apply the patches immediately.
More information can be found on SAP Note 1005397.
Vendor Response:
===============
=2E 2006-11-21: Initial Vendor Contact.
=2E 2006-12-01: Vendor Confirmed Vulnerability.
=2E 2007-01-09: Vendor Releases Update for version 6.40.
=2E 2007-01-09: Vendor Releases Update for version 7.00.
=2E 2007-04-03: Pre-Advisory Public Disclosure.
Special Thanks:
==============
Thanks goes to Victor Montero and Gustavo Kunst.
Contact Information:
===================For more information regarding the vulnerability feel free to contact the author at mnunez