[ERPSCAN-16-024] SAP SQL Anywhere MobiLink Synchronization Server – buffer overflow vulnerability

Application: SAP SQL Anywhere MobiLink Synchronization Server 17
Vendor URL: SAP
Bug: Buffer overflow
Reported: 01.02.2016
Vendor response: 02.02.2016
Date of Public Advisory: 14.06.2016
Reference: SAP Security Note 2308778
Author: Vahagn Vardanyan (ERPScan)

VULNERABILITY INFORMATION

Class: Buffer overflow
Impact: Denial of Service, Uncontrolled Resource consumption, Resource Exhaustion
Remotely Exploitable: Yes
Locally Exploitable: No

CVSS Information

CVSS Base Score v3: 4.9 / 10
CVSS Base Vector:

AV: Attack Vector (Related exploit range) Network (N)
AC: Attack Complexity (Required attack complexity) Low (L)
PR: Privileges Required (Level of privileges needed to exploit) High (H)
UI: User Interaction (Required user participation) None (N)
S: Scope (Change in scope due to impact caused to components beyond the vulnerable component) Unchanged (U)
C: Impact to Confidentiality None (N)
I: Impact to Integrity None (N)
A: Impact to Availability High (H)

Description

An attacker can trigger a condition in which a process ceases to run. This condition can be intentionally provoked by the attacker to cause a denial of service.

Business risk

An attacker can use a buffer overflow vulnerability to inject specially crafted code into working memory, where it will be executed by the vulnerable application. Executed commands run with the same privileges as the service that executed them. This can lead to complete control of the application, denial of service, command execution, and other attacks. In the case of command execution, the attacker can obtain critical technical and business-related information stored in the vulnerable SAP system or use it for privilege escalation. In the case of denial of service, the attacker can terminate a process of the vulnerable component. While the process is down, nobody can use the service, which negatively affects business processes, causes system downtime and, as a result, damages business reputation.

VULNERABLE PACKAGES

SAP SQL Anywhere MobiLink Synchronization Server 17
Other versions are probably affected too, but they were not checked.

SOLUTIONS AND WORKAROUNDS

To correct this vulnerability, install SAP Security Note 2308778.

TECHNICAL DESCRIPTION

Proof of Concept

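import socket

# Placeholders: the advisory as published does not give these values.
IP = "127.0.0.1"  # address of the test server
PORT = 0          # port of the test server
PoC = b""         # the payload bytes are missing from the published page

# Send the payload over five separate connections.
for i in range(5):
    s = socket.socket()
    s.settimeout(1)
    s.connect((IP, PORT))
    s.send(PoC)
    result = s.recv(1024)
    s.close()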