Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

[ERPSCAN-15-003] SAPKERNEL C_SAPGPARAM – RCE, DoS

Application: SAP NetWeaver Dispatcher
Versions Affected: SAP KERNEL 7.00 32BIT, disp+work.exe (7000.52.12.34966), SAP KERNEL 7.40 64BIT, disp+work.exe (7400.12.21.30308)
Vendor URL: http://www.sap.com
Bugs: Buffer Overflow
Reported: 17.08.2014
Vendor response: 18.08.2014
Date of Public Advisory: 15.02.2015
Reference: SAP Security Note 2063369
Authors: George Nosenko (ERPScan)

VULNERABILITY INFORMATION
Class: Buffer overflow [CWE-119], [CWE-20]
Impact: Allows an unauthorized attacker to execute remote code
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-2815

Business Risk
An attacker can use a Buffer Overflow vulnerability for injecting specially crafted code into working memory. The code will be executed by the vulnerable application. Executed commands will run with the same privileges as the service that executed them. This can lead to taking complete control over the application, denial of service, command execution, and other attacks. In case of command execution, the attacker can obtain critical technical and business-related information stored on the vulnerable SAP system, or escalate their privileges. If denial of service happens, the process of the vulnerable component can be terminated. Nobody will be able to use this service, which negatively influences business processes, system downtime, and business reputation.

Description
The vulnerability in SAP NetWeaver Dispatcher can allow an authenticated remote attacker to execute arbitrary code or lead to denial of service conditions.

VULNERABLE PACKAGES

  • SAP KERNEL 7.00 32BIT, disp+work.exe (7000.52.12.34966)
  • SAP KERNEL 7.40 64BIT, disp+work.exe (7400.12.21.30308)

Other versions are probably affected too, but they were not checked.

SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, install SAP Security Note 2063369.

TECHNICAL DESCRIPTION
The vulnerability in SAP NetWeaver Dispatcher can allow an authenticated remote attacker to execute arbitrary code. It can also lead to denial of service.

Defense

To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: