ID

VAR-200704-0048


CVE

CVE-2007-1918


TITLE

SAP RFC Library RFC_SET_REG_SERVER_PROPERTY Function Denial-of-Service (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-005369

DESCRIPTION

The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. The SAP RFC Library is prone to a remote denial-of-service vulnerability.

TITLE: SAP RFC Library Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA24722
VERIFY ADVISORY: http://secunia.com/advisories/24722/
CRITICAL: Moderately critical
IMPACT: Exposure of sensitive information, DoS, System access
WHERE: From local network
SOFTWARE:
SAP RFC Library 7.x http://secunia.com/product/13851/
SAP RFC Library 6.x http://secunia.com/product/13850/

DESCRIPTION: Mariano Nuñez Di Croce has reported some vulnerabilities in SAP RFC Library, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

This can be exploited to cause a DoS by denying access to other clients.

2) An unspecified buffer overflow exists within the "SYSTEM_CREATE_INSTANCE" RFC function, which can be exploited to execute arbitrary code.

3) An unspecified buffer overflow exists within the "RFC_START_GUI" RFC function, which can be exploited to execute arbitrary code.

4) Two unspecified errors exist within the "RFC_START_PROGRAM" RFC function. These can be exploited to gain knowledge about the RFC server's configuration or execute arbitrary code.

5) An error within the "TRUSTED_SYSTEM_SECURITY" function can be exploited to gain knowledge about existing user accounts and groups on a RFC server.

Other versions may also be affected.

SOLUTION: Reportedly, SAP released patches.

PROVIDED AND/OR DISCOVERED BY: Mariano Nuñez Di Croce

ORIGINAL ADVISORY:
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_SET_REG_SERVER_PROPERTY_RFC_Function_Denial_of_Service.pdf
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_GUI_RFC_Function_Buffer_Overflow.pdf
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_RFC_START_PROGRAM_RFC_Function_Multiple_Vulnerabilities.pdf
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_SYSTEM_CREATE_INSTANCE_RFC_Function_Buffer_Overflow.pdf
http://www.cybsec.com/vuln/CYBSEC-Security_Advisory_SAP_TRUSTED_SYSTEM_SECURITY_RFC_Function_Information_Disclosure.pdf

Trust: 2.07

sources: NVD: CVE-2007-1918 // JVNDB: JVNDB-2007-005369 // BID: 23309 // VULHUB: VHN-25280 // PACKETSTORM: 55699

AFFECTED PRODUCTS

vendor: sap, model: rfc library, scope: eq, version: 7.0

Trust: 1.0

vendor: sap, model: rfc library, scope: eq, version: 6.4

Trust: 1.0

vendor: sap, model: rfc library, scope: eq, version: 6.40 20070109

Trust: 0.8

vendor: sap, model: rfc library, scope: lt, version: 7.00

Trust: 0.8

vendor: siemens, model: reliant unix, scope: -, version: -

Trust: 0.6

vendor: sap, model: rfc library, scope: eq, version: 7.00

Trust: 0.3

vendor: sap, model: rfc library, scope: eq, version: 6.40

Trust: 0.3

sources: BID: 23309 // JVNDB: JVNDB-2007-005369 // CNNVD: CNNVD-200704-136 // NVD: CVE-2007-1918

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-1918
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-1918
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200704-136
value: MEDIUM

Trust: 0.6

VULHUB: VHN-25280
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-1918
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-25280
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-25280 // JVNDB: JVNDB-2007-005369 // CNNVD: CNNVD-200704-136 // NVD: CVE-2007-1918

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1918

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200704-136

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200704-136

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-005369

PATCH

title: Top Page, url: http://www.sap.com/index.epx

Trust: 0.8

title: SAP RFC_SET_REG_SERVER_PROPERTY Fixes for function denial of service vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=163497

Trust: 0.6

sources: JVNDB: JVNDB-2007-005369 // CNNVD: CNNVD-200704-136

EXTERNAL IDS

db: NVD, id: CVE-2007-1918

Trust: 2.5

db: BID, id: 23309

Trust: 2.0

db: SECUNIA, id: 24722

Trust: 1.8

db: SREASON, id: 2540

Trust: 1.7

db: VUPEN, id: ADV-2007-1270

Trust: 1.7

db: JVNDB, id: JVNDB-2007-005369

Trust: 0.8

db: CNNVD, id: CNNVD-200704-136

Trust: 0.7

db: VULHUB, id: VHN-25280

Trust: 0.1

db: PACKETSTORM, id: 55699

Trust: 0.1

sources: VULHUB: VHN-25280 // BID: 23309 // JVNDB: JVNDB-2007-005369 // PACKETSTORM: 55699 // CNNVD: CNNVD-200704-136 // NVD: CVE-2007-1918

REFERENCES

url:http://www.cybsec.com/vuln/cybsec-security_advisory_sap_rfc_set_reg_server_property_rfc_function_denial_of_service.pdf

Trust: 1.8

url:http://www.securityfocus.com/bid/23309

Trust: 1.7

url:http://www.securityfocus.com/archive/1/464685/100/0/threaded

Trust: 1.7

url:http://secunia.com/advisories/24722

Trust: 1.7

url:http://securityreason.com/securityalert/2540

Trust: 1.7

url:http://www.vupen.com/english/advisories/2007/1270

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/33418

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1918

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1918

Trust: 0.8

url:http://www.sap.com

Trust: 0.3

url:/archive/1/464685

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/13850/

Trust: 0.1

url:http://corporate.secunia.com/trial/38/request/

Trust: 0.1

url:http://secunia.com/product/13851/

Trust: 0.1

url:http://www.cybsec.com/vuln/cybsec-security_advisory_sap_trusted_system_security_rfc_function_information_disclosure.pdf

Trust: 0.1

url:http://secunia.com/advisories/24722/

Trust: 0.1

url:http://www.cybsec.com/vuln/cybsec-security_advisory_sap_system_create_instance_rfc_function_buffer_overflow.pdf

Trust: 0.1

url:http://www.cybsec.com/vuln/cybsec-security_advisory_sap_rfc_start_gui_rfc_function_buffer_overflow.pdf

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://www.cybsec.com/vuln/cybsec-security_advisory_sap_rfc_start_program_rfc_function_multiple_vulnerabilities.pdf

Trust: 0.1

sources: VULHUB: VHN-25280 // BID: 23309 // JVNDB: JVNDB-2007-005369 // PACKETSTORM: 55699 // CNNVD: CNNVD-200704-136 // NVD: CVE-2007-1918

CREDITS

Mariano Nuñez Di Croce, mnunez@cybsec.com

Trust: 0.6

sources: CNNVD: CNNVD-200704-136

SOURCES

db: VULHUB, id: VHN-25280
db: BID, id: 23309
db: JVNDB, id: JVNDB-2007-005369
db: PACKETSTORM, id: 55699
db: CNNVD, id: CNNVD-200704-136
db: NVD, id: CVE-2007-1918

LAST UPDATE DATE

2024-08-14T13:59:56.890000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-25280, date: 2018-10-30T00:00:00
db: BID, id: 23309, date: 2007-04-05T19:52:00
db: JVNDB, id: JVNDB-2007-005369, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200704-136, date: 2021-09-23T00:00:00
db: NVD, id: CVE-2007-1918, date: 2021-09-22T14:22:17.527

SOURCES RELEASE DATE

db: VULHUB, id: VHN-25280, date: 2007-04-10T00:00:00
db: BID, id: 23309, date: 2007-04-04T00:00:00
db: JVNDB, id: JVNDB-2007-005369, date: 2012-12-20T00:00:00
db: PACKETSTORM, id: 55699, date: 2007-04-07T19:35:58
db: CNNVD, id: CNNVD-200704-136, date: 2007-04-10T00:00:00
db: NVD, id: CVE-2007-1918, date: 2007-04-10T23:19:00