SAP^® and Oracle^® Security Advisories

SAPStartSrv – Pre-auth buffer overflow Impact On Business If parameter service/localconnection = compat : Remotely, an unauthenticated attacker could use it to execute arbitrary commands on the OS side as NT System or root users. If parameter service/localconnection is not set : Locally, an authenticated attacker with low privileges could use it to execute arbitrary…

SAPStartSrv – Pre-auth OS Command injection as root or system Impact On Business If parameter service/localconnection = compat : Remotely, an unauthenticated attacker could use it to execute arbitrary commands on the OS side as system administrator (root or SYSTEM) If parameter service/localconnection is not set : Locally, an authenticated attacker with low privileges could…

SAP Host Agent – SAPOscol Namespace – Missing authentication Impact On Business Successful attacks lead to information disclosure as well as extend the scope for an attacker. Affected Components Description The SAP Host Agent can accomplish several life-cycle tasks like : operating system monitoring, database monitoring, system instance control or upgrade preparation. Installed automatically during…

SAP Host Agent – sapstartsrv – OOB memory access in MsIGetProfileValue Impact On Business Remotely exploitable, without authentication, attacker could perform DOS against all sapstartsrv service. Lead to direct impact on availability for this service and signifiant availability issues for the SAP system. Affected Components Description The SAP Host Agent can accomplish several life-cycle tasks…

SAP Host Agent – Credential Exposure Through Log Files Impact On Business By exploiting this vulnerability a malicious low-privileged user can retrieve SDA credential (sapadm) as well as few technical SAP Netweaver credentials (like FRN_DPC_SID or FRN_CSA_SID), then used them to login into the SAP Netweaver or into the SDA and perform malicious or sensitive…