[ERPSCAN-15-008] SAP Afaria 7 XcListener – Buffer overflow

Application: SAP Afaria 7.0.6001.5
Vendor URL: http://www.sap.com
Bugs: BoF
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 15.03.2015
Reference: SAP Security Note 2132584
Author: Vahagn Vardanyan (ERPScan)

Vulnerability information

Class: DoS [CWE-400]
Impact: DoS
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-2820

Business Risk

It is possible to use denial of service to terminate the process of the vulnerable component. As a result, nobody can use this service, which has a negative influence on business processes. System downtime also harms business reputation.

Description

An anonymous attacker can use a special request to crash the XcListener process on the server.

VULNERABLE PACKAGES
SAP Afaria 7
Other versions are probably affected too, but they were not checked.

Solutions and workarounds

A vulnerability has been discovered in certain landscape configurations of SAP Afaria that utilize XcListener for initiating client-to-server communications. SAP has released security patches for the vulnerable clients, Windows Mobile, Windows CE, and Windows. Windows Phone is not affected. SAP strongly recommends that customers patch their servers.

Patching instructions:

1) Download hotfix

  • SAP Afaria 7 SP5 Hotfix 8
  • SAP Afaria 7 SP4 Hotfix 16
    • 2) Apply server hotfix
      The server version of XcListener will be patched when the hotfix is applied. The clients will be updated through the Afaria ESD process as they connect to the server.

      Technical description

      An anonymous attacker can use a special request to crash the XcListener process on the server.

      Proof of concept

      Defense

      To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: