
UNIRAS ALERT - 19/05 - NISCC Vulnerability Advisory 228614/NISCC/SAP



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
      UNIRAS (UK Govt CERT) ALERT - 19/05 dated 25.07.05  Time: 12:00  
 UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====
NISCC Vulnerability Advisory 228614/NISCC/SAP


Detail
====== 

NISCC Vulnerability Advisory 228614/NISCC/SAP

Directory Traversal Issues with the SAP Internet Graphics Server Product

Version Information
- -------------------
Advisory Reference  228614/NISCC/SAP
Release Date	    25 July 2005
Last Revision	    18 July 2005
Version Number	    1.0

Acknowledgement
- ---------------
This issue was identified by Corsaire Ltd, a privately owned UK company.

What is affected?
- -----------------
The following versions of the product are affected:

- - SAP Internet Graphics Server (IGS) prior to version 6.40 Patch 11

Impact
- ------
If exploited, this vulnerability can result in unintended information disclosure.

Severity 
- --------
This is rated as high.

Summary
- -------
The Internet Graphics Server (IGS) is a subcomponent of the SAP R/3 enterprise environment. It is
also accessible over HTTP and contains minimal web server functionality.

The vulnerability lies in how the IGS product validates the document paths passed to it over HTTP.

The details of this issue were passed to SAP on the 5th July 2005; they have since addressed the
problem and have solutions available to rectify the flaw. Please see the 'Solution' section for
further details.

[Please note that revisions to this advisory will not be notified by email. All subscribers 
are advised to regularly check the NISCC website 
(http://www.niscc.gov.uk/niscc/vulnAdv-en.html) for updates to this notice.]

Details
- -------
CVE ID: CAN-2005-1691

By sending the IGS product an HTTP request whose document path incorporates a directory traversal 
sequence, it is possible to read files outside the web root with the privileges of the account 
that was used to start the IGS service.

Mitigation
- ----------
To minimise the risk of this vulnerability, we suggest the following:

. Ensure that the IGS product is not reachable from external or otherwise untrusted networks.

It is also possible to deactivate the IGS product completely; details on how this can be done are 
given in SAP Note 862169. 

Solution
- --------
Please upgrade to the newest stable version of the software (IGS version 6.40 Patch 11 or later).

Vendor Information
- ------------------
Founded in 1972, SAP is headquartered in Walldorf, Germany. SAP is listed on several exchanges, 
including the Frankfurt Stock Exchange and the New York Stock Exchange, under the symbol "SAP."

For more information regarding SAP, please visit http://www.sap.com/.

Credits
- -------
This issue was discovered by Corsaire Ltd, who reported the issue to NISCC. The NISCC 
Vulnerability Team would also like to thank SAP for their co-operation in the handling of this vulnerability.

Contact Information
- -------------------
The NISCC Vulnerability Management Team can be contacted as follows:

Email	   vulteam@xxxxxxxxxxxx 
           Please quote the advisory reference in the subject line

Telephone  +44 (0)870 487 0748 Ext 4511
           Monday - Friday 08:30 - 17:00

Fax	   +44 (0)870 487 0749

Post	   Vulnerability Management Team
           NISCC
           PO Box 832
           London
           SW1P 1BG

We encourage those who wish to communicate via email to make use of our PGP key. This is 
available from http://www.niscc.gov.uk/niscc/publicKey2-en.pop.

Please note that UK government protectively marked material should not be sent to the email 
address above. 

If you wish to be added to our email distribution list please email your request to 
uniras@xxxxxxxxxxxxx
 
What is NISCC?
- --------------
For further information regarding the UK National Infrastructure Security Co-ordination 
Centre, please visit http://www.niscc.gov.uk.
 
Reference to any specific commercial product, process, or service by trade name, trademark 
manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or 
favouring by NISCC. The views and opinions of authors expressed within this notice shall not 
be used for advertising or product endorsement purposes.

Neither shall NISCC accept responsibility for any errors or omissions contained within 
this advisory. In particular, they shall not be liable for any loss or damage whatsoever, 
arising from or in connection with the usage of information contained within this notice.

© 2005 Crown Copyright 
<End of NISCC Vulnerability Advisory>


- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of NISCC Vulnerability Team for 
the information contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQuTGhYpao72zK539AQHIeQP/ZlkaK7mMcisReXLeup9dnpa/pT+Hrdqh
ffjXnqV7jcTv7xIwYtocZMIbZ6xTeUprICBktGVi4jm3kCmOPLcq3myXBp15Hj1V
tjbakTPV44x+rjJqpAiZdSojtL/o4keb3qKG9c5WXjwUwao9aa0d6Hgv5Kn/ci8g
f033QRocLHQ=
=7A7d
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________