ID

VAR-200704-0045


CVE

CVE-2007-1915


TITLE

Buffer overflow vulnerability in the RFC_START_PROGRAM function of the SAP RFC Library

Trust: 0.8

sources: JVNDB: JVNDB-2007-005366

DESCRIPTION

Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.

The SAP RFC Library is prone to an unspecified buffer-overflow issue and an information-disclosure issue. An attacker could exploit these issues to execute arbitrary code, cause the affected application to crash, or gain access to sensitive information.

----------------------------------------------------------------------

TITLE: SAP RFC Library Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA24722
VERIFY ADVISORY: http://secunia.com/advisories/24722/
CRITICAL: Moderately critical
IMPACT: Exposure of sensitive information, DoS, System access
WHERE: From local network
SOFTWARE:
SAP RFC Library 7.x http://secunia.com/product/13851/
SAP RFC Library 6.x http://secunia.com/product/13850/

DESCRIPTION: Mariano Nuñez Di Croce has reported some vulnerabilities in SAP RFC Library, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

1) The "RFC_SET_REG_SERVER_PROPERTY" RFC function allows defining the exclusive use of the RFC Server. This can be exploited to cause a DoS by denying access to other clients.
4) Two unspecified errors exist within the "RFC_START_PROGRAM" RFC function.
5) An error within the "TRUSTED_SYSTEM_SECURITY" function can be exploited to gain knowledge about existing user accounts and groups on an RFC server.

Other versions may also be affected.

SOLUTION: Reportedly, SAP released patches.

PROVIDED AND/OR DISCOVERED BY: Mariano Nuñez Di Croce

ORIGINAL ADVISORY:
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_GUI_RFC_Function_Buffer_Overflow.pdf
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_PROGRAM_RFC_Function_Multiple_Vulnerabilities.pdf
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf

Trust: 2.07

sources: NVD: CVE-2007-1915 // JVNDB: JVNDB-2007-005366 // BID: 23313 // VULHUB: VHN-25277 // PACKETSTORM: 55699

AFFECTED PRODUCTS

vendor: sap, model: rfc library, scope: eq, version: 7.0

Trust: 1.0

vendor: sap, model: rfc library, scope: eq, version: 6.4

Trust: 1.0

vendor: sap, model: rfc library, scope: eq, version: 6.40 20061211

Trust: 0.8

vendor: sap, model: rfc library, scope: lt, version: 7.00

Trust: 0.8

vendor: siemens, model: reliant unix, scope: -, version: -

Trust: 0.6

vendor: sap, model: rfc library, scope: eq, version: 7.00

Trust: 0.3

vendor: sap, model: rfc library, scope: eq, version: 6.40

Trust: 0.3

sources: BID: 23313 // JVNDB: JVNDB-2007-005366 // CNNVD: CNNVD-200704-121 // NVD: CVE-2007-1915

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-1915
value: HIGH

Trust: 1.0

NVD: CVE-2007-1915
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200704-121
value: HIGH

Trust: 0.6

VULHUB: VHN-25277
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-1915
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-25277
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-25277 // JVNDB: JVNDB-2007-005366 // CNNVD: CNNVD-200704-121 // NVD: CVE-2007-1915

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1915

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200704-121

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200704-121

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-005366

PATCH

title: Top Page, url: http://www.sap.com/index.epx

Trust: 0.8

title: SAP RFC Library RFC_START_PROGRAM Function information leakage and buffer error vulnerabilities repair measures, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=163498

Trust: 0.6

sources: JVNDB: JVNDB-2007-005366 // CNNVD: CNNVD-200704-121

EXTERNAL IDS

db: NVD, id: CVE-2007-1915

Trust: 2.8

db: BID, id: 23313

Trust: 2.0

db: SECUNIA, id: 24722

Trust: 1.8

db: SREASON, id: 2538

Trust: 1.7

db: VUPEN, id: ADV-2007-1270

Trust: 1.7

db: JVNDB, id: JVNDB-2007-005366

Trust: 0.8

db: CNNVD, id: CNNVD-200704-121

Trust: 0.7

db: VULHUB, id: VHN-25277

Trust: 0.1

db: PACKETSTORM, id: 55699

Trust: 0.1

sources: VULHUB: VHN-25277 // BID: 23313 // JVNDB: JVNDB-2007-005366 // PACKETSTORM: 55699 // CNNVD: CNNVD-200704-121 // NVD: CVE-2007-1915

REFERENCES

url:http://www.cybsec.com/vuln/cybsec-security_advisory_sap_rfc_start_program_rfc_function_multiple_vulnerabilities.pdf

Trust: 2.1

url:http://www.securityfocus.com/bid/23313

Trust: 1.7

url:http://www.securityfocus.com/archive/1/464678/100/0/threaded

Trust: 1.7

url:http://secunia.com/advisories/24722

Trust: 1.7

url:http://securityreason.com/securityalert/2538

Trust: 1.7

url:http://www.vupen.com/english/advisories/2007/1270

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/33421

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1915

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1915

Trust: 0.8

url:http://www.sap.com

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/13850/

Trust: 0.1

url:http://corporate.secunia.com/trial/38/request/

Trust: 0.1

url:http://secunia.com/product/13851/

Trust: 0.1

url:http://www.cybsec.com/vuln/cybsec-security_advisory_sap_trusted_system_security_rfc_function_information_disclosure.pdf

Trust: 0.1

url:http://secunia.com/advisories/24722/

Trust: 0.1

url:http://www.cybsec.com/vuln/cybsec-security_advisory_sap_system_create_instance_rfc_function_buffer_overflow.pdf

Trust: 0.1

url:http://www.cybsec.com/vuln/cybsec-security_advisory_sap_rfc_start_gui_rfc_function_buffer_overflow.pdf

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://www.cybsec.com/vuln/cybsec-security_advisory_sap_rfc_set_reg_server_property_rfc_function_denial_of_service.pdf

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-25277 // BID: 23313 // JVNDB: JVNDB-2007-005366 // PACKETSTORM: 55699 // CNNVD: CNNVD-200704-121 // NVD: CVE-2007-1915

CREDITS

Mariano Nuñez Di Croce (mnunez@cybsec.com)

Trust: 0.6

sources: CNNVD: CNNVD-200704-121

SOURCES

db: VULHUB, id: VHN-25277
db: BID, id: 23313
db: JVNDB, id: JVNDB-2007-005366
db: PACKETSTORM, id: 55699
db: CNNVD, id: CNNVD-200704-121
db: NVD, id: CVE-2007-1915

LAST UPDATE DATE

2024-11-23T21:57:14.507000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-25277, date: 2018-10-30T00:00:00
db: BID, id: 23313, date: 2016-07-06T13:34:00
db: JVNDB, id: JVNDB-2007-005366, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200704-121, date: 2021-09-23T00:00:00
db: NVD, id: CVE-2007-1915, date: 2024-11-21T00:29:27.340

SOURCES RELEASE DATE

db: VULHUB, id: VHN-25277, date: 2007-04-10T00:00:00
db: BID, id: 23313, date: 2007-04-04T00:00:00
db: JVNDB, id: JVNDB-2007-005366, date: 2012-12-20T00:00:00
db: PACKETSTORM, id: 55699, date: 2007-04-07T19:35:58
db: CNNVD, id: CNNVD-200704-121, date: 2007-04-10T00:00:00
db: NVD, id: CVE-2007-1915, date: 2007-04-10T23:19:00