[ERPSCAN-11-031] SAP RFC EPS_DELETE_FILE — Authorisation bypass, smbrelay

DSECRG Advisories
Application: SAP NetWeaver ABAP
Versions Affected: SAP NetWeaver ABAP
Vendor URL: http://www.sap.com
Bugs: Auth bypass, directory traversal, smbrelay
Exploits: YES
Reported: 15.01.2011
Vendor response: 25.01.2011
Date of Public Advisory: 22.08.2011
Author: Alexey Sintsov

A security vulnerability was found in the SAP EPS_DELETE_FILE RFC function. It allows an attacker to delete files remotely or to steal hashes of the SAP server account in a Windows environment using an SMBRelay attack.

Business Risk
An attacker can execute the vulnerable transaction, program or RFC function remotely without authentication because the authorisation check is missing. This can lead to different threats, from information disclosure to full system compromise.
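
The three bug classes listed in this advisory (auth bypass, directory traversal, smbrelay) correspond to three server-side checks in a file-deletion handler. The following is an added example, not SAP's code and not part of the original advisory: a Python sketch in which the function `resolve_delete_target`, the allowed directory and the user list are all assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Assumed policy values, constructed for this example (not from the advisory).
ALLOWED_ROOT = PureWindowsPath(r"C:\usr\sap\trans\EPS\in")
AUTHORISED_USERS = {"TRANSPORT_ADMIN"}


class Rejected(Exception):
    """A delete request failed one of the checks; nothing is deleted."""


def resolve_delete_target(user, dir_name, file_name):
    """Return the validated path to delete, or raise Rejected (hypothetical helper)."""
    # 1. Authorisation: performed first, before any path handling.
    if user not in AUTHORISED_USERS:
        raise Rejected("caller is not authorised to delete files")

    # 2. The file name must be a bare name with no path or drive syntax.
    if file_name in ("", ".", "..") or any(c in file_name for c in "\\/:"):
        raise Rejected("file name contains path components")

    # 3. No UNC directories: opening one makes the server authenticate
    #    to a remote SMB host with its service account.
    directory = PureWindowsPath(dir_name)
    if dir_name.replace("/", "\\").startswith("\\\\") or directory.drive.startswith("\\\\"):
        raise Rejected("UNC paths are not allowed")

    # 4. No traversal: reject ".." and require the allowed root as a prefix.
    #    PureWindowsPath compares case-insensitively, as Windows does.
    if ".." in directory.parts:
        raise Rejected("directory traversal is not allowed")
    if directory != ALLOWED_ROOT and ALLOWED_ROOT not in directory.parents:
        raise Rejected("directory is outside the allowed root")

    return directory / file_name
```

The function only resolves and validates the path; the caller performs the deletion after it returns, so any rejected request fails closed.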