ID

VAR-201208-0222


CVE

CVE-2012-4341


TITLE

SAP Netweaver ABAP 'msg_server.exe' Parameter name remote code execution vulnerability

Trust: 0.8

sources: IVD: 29348194-1f62-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3434

DESCRIPTION

Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Netweaver ABAP. Authentication is not required to exploit this vulnerability. The specific flaw exists within msg_server.exe, which listens on port 3900 by default. When the msg_server parses a message with opcode 0x43 and sub-opcode 0x04, it uses a user-supplied size field to copy a string into a static-sized stack buffer. The resulting buffer overflow can lead to remote code execution under the context of the process. The specific flaw exists within the way SAP NetWeaver handles packages with opcode 0x43. SAP NetWeaver has a defect in its handling of messages with opcode 0x43. SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. NetWeaver ABAP is prone to a denial-of-service vulnerability.

Trust: 5.31

sources: NVD: CVE-2012-4341 // JVNDB: JVNDB-2012-003710 // ZDI: ZDI-12-112 // ZDI: ZDI-12-111 // ZDI: ZDI-12-104 // CNVD: CNVD-2012-3434 // CNVD: CNVD-2012-3433 // BID: 78143 // IVD: 29348194-1f62-11e6-abef-000c29c66e3d // IVD: 29fdb3de-1f62-11e6-abef-000c29c66e3d // VULMON: CVE-2012-4341

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.6

sources: IVD: 29348194-1f62-11e6-abef-000c29c66e3d // IVD: 29fdb3de-1f62-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-3434 // CNVD: CNVD-2012-3433

AFFECTED PRODUCTS

vendor: sap, model: netweaver, scope: -, version: -

Trust: 2.1

vendor: sap, model: netweaver abap, scope: eq, version: 7.02

Trust: 1.6

vendor: sap, model: netweaver abap, scope: eq, version: 7.0

Trust: 1.6

vendor: sap, model: netweaver abap, scope: eq, version: 7.03

Trust: 1.6

vendor: sap, model: netweaver abap, scope: -, version: -

Trust: 1.2

vendor: sap, model: netweaver abap, scope: eq, version: 7.x

Trust: 0.8

vendor: sap, model: netweaver abap null, scope: eq, version: *

Trust: 0.4

vendor: sap, model: netweaver abap sp4, scope: eq, version: 7.03

Trust: 0.3

vendor: sap, model: netweaver abap sp6, scope: eq, version: 7.02

Trust: 0.3

vendor: sap, model: netweaver abap sp2, scope: eq, version: 7.0

Trust: 0.3

sources: IVD: 29348194-1f62-11e6-abef-000c29c66e3d // IVD: 29fdb3de-1f62-11e6-abef-000c29c66e3d // ZDI: ZDI-12-112 // ZDI: ZDI-12-111 // ZDI: ZDI-12-104 // CNVD: CNVD-2012-3434 // CNVD: CNVD-2012-3433 // BID: 78143 // JVNDB: JVNDB-2012-003710 // CNNVD: CNNVD-201208-264 // NVD: CVE-2012-4341

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4341
value: HIGH

Trust: 1.0

NVD: CVE-2012-4341
value: HIGH

Trust: 0.8

ZDI: ZDI-12-112
value: HIGH

Trust: 0.7

ZDI: ZDI-12-111
value: HIGH

Trust: 0.7

ZDI: ZDI-12-104
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201208-264
value: HIGH

Trust: 0.6

IVD: 29348194-1f62-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

IVD: 29fdb3de-1f62-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULMON: CVE-2012-4341
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-4341
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

ZDI: ZDI-12-112
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

ZDI: ZDI-12-111
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

ZDI: ZDI-12-104
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

IVD: 29348194-1f62-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

IVD: 29fdb3de-1f62-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: IVD: 29348194-1f62-11e6-abef-000c29c66e3d // IVD: 29fdb3de-1f62-11e6-abef-000c29c66e3d // ZDI: ZDI-12-112 // ZDI: ZDI-12-111 // ZDI: ZDI-12-104 // VULMON: CVE-2012-4341 // JVNDB: JVNDB-2012-003710 // CNNVD: CNNVD-201208-264 // NVD: CVE-2012-4341

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2012-003710 // NVD: CVE-2012-4341

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201208-264 // CNNVD: CNNVD-201206-539

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201208-264

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003710

PATCH

title: SAP has issued an update to correct this vulnerability.
url: https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840

Trust: 1.4

title: Acknowledgments to Security Researchers
url: http://scn.sap.com/docs/DOC-8218

Trust: 0.8

title: SAP NetWeaver
url: http://www.sap.com/platform/netweaver/businessbenefits/customdevelopment.epx

Trust: 0.8

title: SAP has issued an update to correct this vulnerability.
url: https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649838

Trust: 0.7

title: SAP Netweaver ABAP 'msg_server.exe' parameter name patch for remote code execution vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/18435

Trust: 0.6

title: SAP Netweaver ABAP 'msg_server.exe' patch for buffer overflow vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/18434

Trust: 0.6

title: SAP NetWeaver ABAP Fixes for multiple stack-based buffer errors
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=209631

Trust: 0.6

title: -
url: https://github.com/Live-Hack-CVE/CVE-2012-4341

Trust: 0.1

title: cve-search
url: https://github.com/r3p3r/cve-search

Trust: 0.1

title: cve-search-src
url: https://github.com/extremenetworks/cve-search-src

Trust: 0.1

title: -
url: https://github.com/ZIEN-TF/z_iot_cve-search-api

Trust: 0.1

title: -
url: https://github.com/pgurudatta/cve-search

Trust: 0.1

title: cve-search
url: https://github.com/cve-search/cve-search

Trust: 0.1

title: cve-search
url: https://github.com/dim0niu/cve-search

Trust: 0.1

title: cve-search
url: https://github.com/swastik99/cve-search-master

Trust: 0.1

title: cve
url: https://github.com/zwei2008/cve

Trust: 0.1

title: cve-search
url: https://github.com/miradam/cve-search

Trust: 0.1

title: modified_cve-search
url: https://github.com/HR-CERT/modified_cve-search

Trust: 0.1

title: cve-search
url: https://github.com/swastik99/cve-search

Trust: 0.1

title: cve-search-ng
url: https://github.com/cve-search/cve-search-ng

Trust: 0.1

Trust: 0.1

sources: ZDI: ZDI-12-112 // ZDI: ZDI-12-111 // ZDI: ZDI-12-104 // CNVD: CNVD-2012-3434 // CNVD: CNVD-2012-3433 // VULMON: CVE-2012-4341 // JVNDB: JVNDB-2012-003710 // CNNVD: CNNVD-201208-264

EXTERNAL IDS

db: NVD, id: CVE-2012-4341

Trust: 2.8

db: ZDI, id: ZDI-12-112

Trust: 2.7

db: ZDI, id: ZDI-12-111

Trust: 2.7

db: ZDI, id: ZDI-12-104

Trust: 2.7

db: SECTRACK, id: 1027211

Trust: 2.0

db: SECUNIA, id: 49744

Trust: 1.7

db: BID, id: 54229

Trust: 1.2

db: CNVD, id: CNVD-2012-3434

Trust: 0.8

db: CNVD, id: CNVD-2012-3433

Trust: 0.8

db: JVNDB, id: JVNDB-2012-003710

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-1396

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-1394

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-1395

Trust: 0.7

db: BID, id: 54231

Trust: 0.6

db: CNNVD, id: CNNVD-201208-264

Trust: 0.6

db: CNNVD, id: CNNVD-201206-539

Trust: 0.6

db: BID, id: 78143

Trust: 0.4

db: IVD, id: 29348194-1F62-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD, id: 29FDB3DE-1F62-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: VULMON, id: CVE-2012-4341

Trust: 0.1

Trust: 0.1

sources: IVD: 29348194-1f62-11e6-abef-000c29c66e3d // IVD: 29fdb3de-1f62-11e6-abef-000c29c66e3d // ZDI: ZDI-12-112 // ZDI: ZDI-12-111 // ZDI: ZDI-12-104 // CNVD: CNVD-2012-3434 // CNVD: CNVD-2012-3433 // VULMON: CVE-2012-4341 // BID: 78143 // JVNDB: JVNDB-2012-003710 // CNNVD: CNNVD-201208-264 // CNNVD: CNNVD-201206-539 // NVD: CVE-2012-4341

REFERENCES

url: https://websmp230.sap-ag.de/sap(bd1lbizjptawmq==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649840

Trust: 2.1

url: http://www.zerodayinitiative.com/advisories/zdi-12-111/

Trust: 2.0

url: https://service.sap.com/sap/support/notes/1649838

Trust: 2.0

url: http://www.securitytracker.com/id?1027211

Trust: 2.0

url: http://scn.sap.com/docs/doc-8218

Trust: 2.0

url: http://www.zerodayinitiative.com/advisories/zdi-12-104/

Trust: 2.0

url: http://www.zerodayinitiative.com/advisories/zdi-12-112/

Trust: 2.0

url: http://secunia.com/advisories/49744

Trust: 1.7

url: https://websmp230.sap-ag.de/sap%28bd1lbizjptawmq==%29/bc/bsp/spn/sapnotes/index2.htm?numm=1649840

Trust: 1.3

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4341

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4341

Trust: 0.8

url: https://websmp230.sap-ag.de/sap(bd1lbizjptawmq==)/bc/bsp/spn/sapnotes/index2.htm?numm=1649838

Trust: 0.7

url: http://seclists.org/bugtraq/2012/jun/186

Trust: 0.6

url: http://seclists.org/bugtraq/2012/jun/185

Trust: 0.6

url: http://www.securityfocus.com/bid/54229

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url: https://github.com/live-hack-cve/cve-2012-4341

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://www.securityfocus.com/bid/78143

Trust: 0.1

url: https://github.com/cve-search/cve-search

Trust: 0.1

Trust: 0.1

sources: ZDI: ZDI-12-112 // ZDI: ZDI-12-111 // ZDI: ZDI-12-104 // CNVD: CNVD-2012-3434 // CNVD: CNVD-2012-3433 // VULMON: CVE-2012-4341 // BID: 78143 // JVNDB: JVNDB-2012-003710 // CNNVD: CNNVD-201208-264 // CNNVD: CNNVD-201206-539 // NVD: CVE-2012-4341

CREDITS

e6af8de8b1d4b2b6d5ba2610cbf9cd38

Trust: 2.7

sources: ZDI: ZDI-12-112 // ZDI: ZDI-12-111 // ZDI: ZDI-12-104 // CNNVD: CNNVD-201206-539

SOURCES

db: IVD, id: 29348194-1f62-11e6-abef-000c29c66e3d
db: IVD, id: 29fdb3de-1f62-11e6-abef-000c29c66e3d
db: ZDI, id: ZDI-12-112
db: ZDI, id: ZDI-12-111
db: ZDI, id: ZDI-12-104
db: CNVD, id: CNVD-2012-3434
db: CNVD, id: CNVD-2012-3433
db: VULMON, id: CVE-2012-4341
db: BID, id: 78143
db: JVNDB, id: JVNDB-2012-003710
db: CNNVD, id: CNNVD-201208-264
db: CNNVD, id: CNNVD-201206-539
db: NVD, id: CVE-2012-4341

LAST UPDATE DATE

2024-11-22T22:49:17.819000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-12-112, date: 2012-06-28T00:00:00
db: ZDI, id: ZDI-12-111, date: 2012-06-28T00:00:00
db: ZDI, id: ZDI-12-104, date: 2012-06-27T00:00:00
db: CNVD, id: CNVD-2012-3434, date: 2012-07-02T00:00:00
db: CNVD, id: CNVD-2012-3433, date: 2012-07-02T00:00:00
db: VULMON, id: CVE-2012-4341, date: 2022-10-06T00:00:00
db: BID, id: 78143, date: 2012-08-15T00:00:00
db: JVNDB, id: JVNDB-2012-003710, date: 2012-08-20T00:00:00
db: CNNVD, id: CNNVD-201208-264, date: 2022-10-08T00:00:00
db: CNNVD, id: CNNVD-201206-539, date: 2012-07-02T00:00:00
db: NVD, id: CVE-2012-4341, date: 2023-11-07T02:11:50.587

SOURCES RELEASE DATE

db: IVD, id: 29348194-1f62-11e6-abef-000c29c66e3d, date: 2012-07-02T00:00:00
db: IVD, id: 29fdb3de-1f62-11e6-abef-000c29c66e3d, date: 2012-07-02T00:00:00
db: ZDI, id: ZDI-12-112, date: 2012-06-28T00:00:00
db: ZDI, id: ZDI-12-111, date: 2012-06-28T00:00:00
db: ZDI, id: ZDI-12-104, date: 2012-06-27T00:00:00
db: CNVD, id: CNVD-2012-3434, date: 2012-07-02T00:00:00
db: CNVD, id: CNVD-2012-3433, date: 2012-07-02T00:00:00
db: VULMON, id: CVE-2012-4341, date: 2012-08-15T00:00:00
db: BID, id: 78143, date: 2012-08-15T00:00:00
db: JVNDB, id: JVNDB-2012-003710, date: 2012-08-20T00:00:00
db: CNNVD, id: CNNVD-201208-264, date: 2012-08-16T00:00:00
db: CNNVD, id: CNNVD-201206-539, date: 2012-06-28T00:00:00
db: NVD, id: CVE-2012-4341, date: 2012-08-15T21:55:05.353