Details of VAR-201208-0222

ID

VAR-201208-0222

CVE

CVE-2012-4341

TITLE

SAP Netweaver ABAP 'msg_server.exe' Parameter name remote code execution vulnerability

Trust: 0.8

sources: IVD: 29348194-1f62-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3434

DESCRIPTION

Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msg_server.exe listening on 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04 it uses a user suplied size field to copy a string into a static sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process. Authentication is not required to exploit this vulnerability.The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. SAP NetWeaver has a defect in the message with the opcode 0x43. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. Msg_server.exe listens to port 3900 by default. Arbitrary code. NetWeaver ABAP is prone to a denial-of-service vulnerability

Trust: 5.31

sources: NVD: CVE-2012-4341 // JVNDB: JVNDB-2012-003710 // ZDI: ZDI-12-112 // ZDI: ZDI-12-111 // ZDI: ZDI-12-104 // CNVD: CNVD-2012-3434 // CNVD: CNVD-2012-3433 // BID: 78143 // IVD: 29348194-1f62-11e6-abef-000c29c66e3d // IVD: 29fdb3de-1f62-11e6-abef-000c29c66e3d // VULMON: CVE-2012-4341

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.6

sources: IVD: 29348194-1f62-11e6-abef-000c29c66e3d // IVD: 29fdb3de-1f62-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3434 // CNVD: CNVD-2012-3433

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver	scope:	-	version:	-	Trust: 2.1
vendor:	sap	model:	netweaver abap	scope:	eq	version:	7.02	Trust: 1.6
vendor:	sap	model:	netweaver abap	scope:	eq	version:	7.0	Trust: 1.6
vendor:	sap	model:	netweaver abap	scope:	eq	version:	7.03	Trust: 1.6
vendor:	sap	model:	netweaver abap	scope:	-	version:	-	Trust: 1.2
vendor:	sap	model:	netweaver abap	scope:	eq	version:	7.x	Trust: 0.8
vendor:	sap	model:	netweaver abap null	scope:	eq	version:	*	Trust: 0.4
vendor:	sap	model:	netweaver abap sp4	scope:	eq	version:	7.03	Trust: 0.3
vendor:	sap	model:	netweaver abap sp6	scope:	eq	version:	7.02	Trust: 0.3
vendor:	sap	model:	netweaver abap sp2	scope:	eq	version:	7.0	Trust: 0.3

sources: IVD: 29348194-1f62-11e6-abef-000c29c66e3d // IVD: 29fdb3de-1f62-11e6-abef-000c29c66e3d // ZDI: ZDI-12-112 // ZDI: ZDI-12-111 // ZDI: ZDI-12-104 // CNVD: CNVD-2012-3434 // CNVD: CNVD-2012-3433 // BID: 78143 // JVNDB: JVNDB-2012-003710 // CNNVD: CNNVD-201208-264 // NVD: CVE-2012-4341

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4341
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-4341
value:	HIGH
Trust: 0.8
ZDI:	ZDI-12-112
value:	HIGH
Trust: 0.7
ZDI:	ZDI-12-111
value:	HIGH
Trust: 0.7
ZDI:	ZDI-12-104
value:	HIGH
Trust: 0.7
CNNVD:	CNNVD-201208-264
value:	HIGH
Trust: 0.6
IVD:	29348194-1f62-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
IVD:	29fdb3de-1f62-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULMON:	CVE-2012-4341
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2012-4341
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
ZDI:	ZDI-12-112
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
ZDI:	ZDI-12-111
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
ZDI:	ZDI-12-104
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
IVD:	29348194-1f62-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2
IVD:	29fdb3de-1f62-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2

sources: IVD: 29348194-1f62-11e6-abef-000c29c66e3d // IVD: 29fdb3de-1f62-11e6-abef-000c29c66e3d // ZDI: ZDI-12-112 // ZDI: ZDI-12-111 // ZDI: ZDI-12-104 // VULMON: CVE-2012-4341 // JVNDB: JVNDB-2012-003710 // CNNVD: CNNVD-201208-264 // NVD: CVE-2012-4341

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2012-003710 // NVD: CVE-2012-4341

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201208-264 // CNNVD: CNNVD-201206-539

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201208-264

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003710

PATCH

title:	SAP has issued an update to correct this vulnerability.	url:	https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840	Trust: 1.4
title:	Acknowledgments to Security Researchers	url:	http://scn.sap.com/docs/DOC-8218	Trust: 0.8
title:	SAP NetWeaver	url:	http://www.sap.com/platform/netweaver/businessbenefits/customdevelopment.epx	Trust: 0.8
title:	SAP has issued an update to correct this vulnerability.	url:	https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649838	Trust: 0.7
title:	SAP Netweaver ABAP 'msg_server.exe' parameter name patch for remote code execution vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/18435	Trust: 0.6
title:	SAP Netweaver ABAP 'msg_server.exe' patch for buffer overflow vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/18434	Trust: 0.6
title:	SAP NetWeaver ABAP Fixes for multiple stack-based buffer errors	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=209631	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2012-4341	Trust: 0.1
title:	cve-search	url:	https://github.com/r3p3r/cve-search	Trust: 0.1
title:	cve-search-src	url:	https://github.com/extremenetworks/cve-search-src	Trust: 0.1
title:	-	url:	https://github.com/ZIEN-TF/z_iot_cve-search-api	Trust: 0.1
title:	-	url:	https://github.com/pgurudatta/cve-search	Trust: 0.1
title:	cve-search	url:	https://github.com/cve-search/cve-search	Trust: 0.1
title:	cve-search	url:	https://github.com/dim0niu/cve-search	Trust: 0.1
title:	cve-search	url:	https://github.com/swastik99/cve-search-master	Trust: 0.1
title:	cve	url:	https://github.com/zwei2008/cve	Trust: 0.1
title:	cve-search	url:	https://github.com/miradam/cve-search	Trust: 0.1
title:	modified_cve-search	url:	https://github.com/HR-CERT/modified_cve-search	Trust: 0.1
title:	cve-search	url:	https://github.com/swastik99/cve-search	Trust: 0.1
title:	cve-search-ng	url:	https://github.com/cve-search/cve-search-ng	Trust: 0.1

sources: ZDI: ZDI-12-112 // ZDI: ZDI-12-111 // ZDI: ZDI-12-104 // CNVD: CNVD-2012-3434 // CNVD: CNVD-2012-3433 // VULMON: CVE-2012-4341 // JVNDB: JVNDB-2012-003710 // CNNVD: CNNVD-201208-264

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4341	Trust: 2.8
db:	ZDI	id:	ZDI-12-112	Trust: 2.7
db:	ZDI	id:	ZDI-12-111	Trust: 2.7
db:	ZDI	id:	ZDI-12-104	Trust: 2.7
db:	SECTRACK	id:	1027211	Trust: 2.0
db:	SECUNIA	id:	49744	Trust: 1.7
db:	BID	id:	54229	Trust: 1.2
db:	CNVD	id:	CNVD-2012-3434	Trust: 0.8
db:	CNVD	id:	CNVD-2012-3433	Trust: 0.8
db:	JVNDB	id:	JVNDB-2012-003710	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-1396	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-1394	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-1395	Trust: 0.7
db:	BID	id:	54231	Trust: 0.6
db:	CNNVD	id:	CNNVD-201208-264	Trust: 0.6
db:	CNNVD	id:	CNNVD-201206-539	Trust: 0.6
db:	BID	id:	78143	Trust: 0.4
db:	IVD	id:	29348194-1F62-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	IVD	id:	29FDB3DE-1F62-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULMON	id:	CVE-2012-4341	Trust: 0.1

sources: IVD: 29348194-1f62-11e6-abef-000c29c66e3d // IVD: 29fdb3de-1f62-11e6-abef-000c29c66e3d // ZDI: ZDI-12-112 // ZDI: ZDI-12-111 // ZDI: ZDI-12-104 // CNVD: CNVD-2012-3434 // CNVD: CNVD-2012-3433 // VULMON: CVE-2012-4341 // BID: 78143 // JVNDB: JVNDB-2012-003710 // CNNVD: CNNVD-201208-264 // CNNVD: CNNVD-201206-539 // NVD: CVE-2012-4341

REFERENCES

url:	https://websmp230.sap-ag.de/sap(bd1lbizjptawmq==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840	Trust: 2.1
url:	http://www.zerodayinitiative.com/advisories/zdi-12-111/	Trust: 2.0
url:	https://service.sap.com/sap/support/notes/1649838	Trust: 2.0
url:	http://www.securitytracker.com/id?1027211	Trust: 2.0
url:	http://scn.sap.com/docs/doc-8218	Trust: 2.0
url:	http://www.zerodayinitiative.com/advisories/zdi-12-104/	Trust: 2.0
url:	http://www.zerodayinitiative.com/advisories/zdi-12-112/	Trust: 2.0
url:	http://secunia.com/advisories/49744	Trust: 1.7
url:	https://websmp230.sap-ag.de/sap%28bd1lbizjptawmq==%29/bc/bsp/spn/sapnotes/index2.htm?numm=1649840	Trust: 1.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4341	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4341	Trust: 0.8
url:	https://websmp230.sap-ag.de/sap(bd1lbizjptawmq==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649838	Trust: 0.7
url:	http://seclists.org/bugtraq/2012/jun/186	Trust: 0.6
url:	http://seclists.org/bugtraq/2012/jun/185	Trust: 0.6
url:	http://www.securityfocus.com/bid/54229	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2012-4341	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/78143	Trust: 0.1
url:	https://github.com/cve-search/cve-search	Trust: 0.1

sources: ZDI: ZDI-12-112 // ZDI: ZDI-12-111 // ZDI: ZDI-12-104 // CNVD: CNVD-2012-3434 // CNVD: CNVD-2012-3433 // VULMON: CVE-2012-4341 // BID: 78143 // JVNDB: JVNDB-2012-003710 // CNNVD: CNNVD-201208-264 // CNNVD: CNNVD-201206-539 // NVD: CVE-2012-4341

CREDITS

e6af8de8b1d4b2b6d5ba2610cbf9cd38

Trust: 2.7

sources: ZDI: ZDI-12-112 // ZDI: ZDI-12-111 // ZDI: ZDI-12-104 // CNNVD: CNNVD-201206-539

SOURCES

db:	IVD	id:	29348194-1f62-11e6-abef-000c29c66e3d
db:	IVD	id:	29fdb3de-1f62-11e6-abef-000c29c66e3d
db:	ZDI	id:	ZDI-12-112
db:	ZDI	id:	ZDI-12-111
db:	ZDI	id:	ZDI-12-104
db:	CNVD	id:	CNVD-2012-3434
db:	CNVD	id:	CNVD-2012-3433
db:	VULMON	id:	CVE-2012-4341
db:	BID	id:	78143
db:	JVNDB	id:	JVNDB-2012-003710
db:	CNNVD	id:	CNNVD-201208-264
db:	CNNVD	id:	CNNVD-201206-539
db:	NVD	id:	CVE-2012-4341

LAST UPDATE DATE

2024-09-15T23:06:18.338000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-12-112	date:	2012-06-28T00:00:00
db:	ZDI	id:	ZDI-12-111	date:	2012-06-28T00:00:00
db:	ZDI	id:	ZDI-12-104	date:	2012-06-27T00:00:00
db:	CNVD	id:	CNVD-2012-3434	date:	2012-07-02T00:00:00
db:	CNVD	id:	CNVD-2012-3433	date:	2012-07-02T00:00:00
db:	VULMON	id:	CVE-2012-4341	date:	2022-10-06T00:00:00
db:	BID	id:	78143	date:	2012-08-15T00:00:00
db:	JVNDB	id:	JVNDB-2012-003710	date:	2012-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201208-264	date:	2022-10-08T00:00:00
db:	CNNVD	id:	CNNVD-201206-539	date:	2012-07-02T00:00:00
db:	NVD	id:	CVE-2012-4341	date:	2023-11-07T02:11:50.587

SOURCES RELEASE DATE

db:	IVD	id:	29348194-1f62-11e6-abef-000c29c66e3d	date:	2012-07-02T00:00:00
db:	IVD	id:	29fdb3de-1f62-11e6-abef-000c29c66e3d	date:	2012-07-02T00:00:00
db:	ZDI	id:	ZDI-12-112	date:	2012-06-28T00:00:00
db:	ZDI	id:	ZDI-12-111	date:	2012-06-28T00:00:00
db:	ZDI	id:	ZDI-12-104	date:	2012-06-27T00:00:00
db:	CNVD	id:	CNVD-2012-3434	date:	2012-07-02T00:00:00
db:	CNVD	id:	CNVD-2012-3433	date:	2012-07-02T00:00:00
db:	VULMON	id:	CVE-2012-4341	date:	2012-08-15T00:00:00
db:	BID	id:	78143	date:	2012-08-15T00:00:00
db:	JVNDB	id:	JVNDB-2012-003710	date:	2012-08-20T00:00:00
db:	CNNVD	id:	CNNVD-201208-264	date:	2012-08-16T00:00:00
db:	CNNVD	id:	CNNVD-201206-539	date:	2012-06-28T00:00:00
db:	NVD	id:	CVE-2012-4341	date:	2012-08-15T21:55:05.353