ID

VAR-201206-0415


TITLE

SAP Netweaver ABAP 'msg_server.exe' Remote code execution vulnerability

Trust: 1.1

sources: IVD: 9f64e840-1f62-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3417 // BID: 54214

DESCRIPTION

SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. SAP NetWeaver has a defect in its handling of messages with opcode 0x43. If a message with sub-opcode 0x4 contains a very long parameter value string, NetWeaver will eventually write a \x00 byte to the end of the tag string on the stack. Because the position of that NULL byte depends on user-supplied input, a very long value can cause stack corruption and allow arbitrary code to be executed in the context of the process. SAP Netweaver ABAP is prone to a remote code-execution vulnerability. An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Trust: 0.99

sources: CNVD: CNVD-2012-3417 // BID: 54214 // IVD: 9f64e840-1f62-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 9f64e840-1f62-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3417

AFFECTED PRODUCTS

vendor: sap, model: netweaver abap, scope: -, version: -

Trust: 0.6

vendor: sap, model: netweaver abap, scope: eq, version: 0

Trust: 0.3

vendor: sap, model: netweaver abap null, scope: eq, version: *

Trust: 0.2

sources: IVD: 9f64e840-1f62-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3417 // BID: 54214

CVSS

SEVERITY

IVD: 9f64e840-1f62-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

CVSSV2

IVD: 9f64e840-1f62-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

CVSSV3

sources: IVD: 9f64e840-1f62-11e6-abef-000c29c66e3d

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201206-524

TYPE

Unknown

Trust: 0.3

sources: BID: 54214

PATCH

title: SAP Netweaver ABAP 'msg_server.exe' patch for remote code execution vulnerability
url: https://www.cnvd.org.cn/patchinfo/show/18400

Trust: 0.6

sources: CNVD: CNVD-2012-3417

EXTERNAL IDS

db: BID, id: 54214

Trust: 1.5

db: CNVD, id: CNVD-2012-3417

Trust: 0.8

db: CNNVD, id: CNNVD-201206-524

Trust: 0.6

db: IVD, id: 9F64E840-1F62-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 9f64e840-1f62-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3417 // BID: 54214 // CNNVD: CNNVD-201206-524

REFERENCES

url:http://seclists.org/bugtraq/2012/jun/174

Trust: 0.6

url:http://www.securityfocus.com/bid/54214

Trust: 0.6

url:http://www.sap.com/platform/netweaver/index.epx

Trust: 0.3

sources: CNVD: CNVD-2012-3417 // BID: 54214 // CNNVD: CNNVD-201206-524

CREDITS

e6af8de8b1d4b2b6d5ba2610cbf9cd38

Trust: 0.9

sources: BID: 54214 // CNNVD: CNNVD-201206-524

SOURCES

db: IVD, id: 9f64e840-1f62-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2012-3417
db: BID, id: 54214
db: CNNVD, id: CNNVD-201206-524

LAST UPDATE DATE

2022-05-17T02:01:16.990000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-3417, date: 2012-06-29T00:00:00
db: BID, id: 54214, date: 2012-06-27T00:00:00
db: CNNVD, id: CNNVD-201206-524, date: 2012-06-29T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 9f64e840-1f62-11e6-abef-000c29c66e3d, date: 2012-06-29T00:00:00
db: CNVD, id: CNVD-2012-3417, date: 2012-06-29T00:00:00
db: BID, id: 54214, date: 2012-06-27T00:00:00
db: CNNVD, id: CNNVD-201206-524, date: 2012-06-29T00:00:00