[ERPSCAN-10-005] SAP Netweaver XRFC — Stack Overflow

DSECRG Advisories

Application: SAP BASIS
Versions Affected: SAP XRFC 6.40/7.00; other versions may be affected
Vendor URL: http://sap.com
Bugs: Stack Overflow
Exploits: YES (DoS PoC)
Reported: 29.03.2010
Vendor response: 29.03.2010
Date of Public Advisory: 09.11.2010
Author: Alexey Sintsov

It is possible to trigger a stack overflow via an RFC SOAP request. In the common case, disp+work.exe (on the Windows version) will be restarted. If such SOAP requests are sent regularly, the result is a DoS. Code execution is quite possible.

Business Risk
A remote attacker or insider can send a malicious packet to the SAP NetWeaver server, over the internet or from inside the company, and conduct a denial-of-service attack through memory corruption. This will stop the server and all business processes running on it, which can lead to monetary and reputational loss. The attacker needs valid user credentials, with any rights, to conduct this attack. Default credentials with known passwords can also be used.