[ERPSCAN-16-030] SAP NetWeaver – buffer overflow vulnerability

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver 7.0-7.5
Vendor URL: SAP
Bugs: buffer overflow
Reported: 09.03.2016
Vendor response: 10.03.2016
Date of Public Advisory: 12.07.2016
Reference: SAP Security Note 2295238
Author: Dmitry Yudin (ERPScan)


This vulnerability allows an attacker to send a specially crafted request to the SAPSTARTSRV process port and trigger a stack buffer overflow (through recursion) on the SAP server.

Business risk

An attacker can use a buffer overflow vulnerability to inject specially crafted code into working memory, where it will be executed by the vulnerable application. Executed commands run with the same privileges as the service that executed them. This can lead to complete control of the application, denial of service, command execution, and other attacks. In the case of command execution, an attacker can obtain critical technical and business-related information stored in the vulnerable SAP system or use it for privilege escalation. In the case of denial of service, the process of the vulnerable component can be terminated. While it is down, nobody can use the service, which negatively affects business processes and results in system downtime and damage to business reputation.