SAP NetWeaver 7.0/7.02/7.03 msg_server.exe Stack-based buffer overflow
A vulnerability classified as critical was found in SAP NetWeaver 7.0/7.02/7.03. It affects an unknown function of the component msg_server.exe. Manipulation with an unknown input leads to a stack-based buffer overflow. Confidentiality, integrity, and availability are impacted. The CVE summarizes:
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.
The weakness was published on 06/28/2012 by e6af8de8b1d4b2b6d5ba2610cbf9cd38 with Zero Day Initiative as confirmed advisory ZDI-12-104. The advisory is available for download at zerodayinitiative.com. The public release was coordinated with the vendor. This vulnerability has been handled as CVE-2012-4341 since 08/15/2012. The attack may be launched remotely, and no form of authentication is required for exploitation. Technical details are unknown, but a private exploit is available.
The vulnerability was handled as a non-public zero-day exploit for at least 244 days. During that time the estimated underground price was around $25k-$50k.
Applying a patch eliminates this problem.
CVSS
Base Score: 9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Temp Score: 8.1 (CVSS2#E:ND/RL:OF/RC:C)
Exploiting
Class: Buffer overflow (CWE-119)
Current Price Estimation:
Status: Official fix
0-Day Time: 244 days since found
Timeline
10/28/2011 | Vendor informed
06/27/2012 | SecurityTracker entry created
06/28/2012 | Advisory disclosed
07/02/2012 | OSVDB entry created
07/04/2012 | VulDB entry created
08/15/2012 | CVE assigned
08/15/2012 | NVD disclosed
12/07/2015 | VulDB entry updated
Company: Zero Day Initiative
CVE: CVE-2012-4341 (mitre.org) (nvd.nist.org) (cvedetails.com)
Secunia: 49744 - SAP NetWeaver Multiple Buffer Overflow Vulnerabilities, Moderately Critical
SecurityTracker: 1027211 - SAP NetWeaver ABAP Flaw in 'msg_server.exe' Lets Remote Users Execute Arbitrary Code
OSVDB: 83494 - SAP Netweaver msg_server.exe Multiple Boundary Error Package Handling Overflows
See also: 10310, 10987, 10990, 11001, 13005, 65515, 65565, 65566, 65569, 65759, 8450, 8451, 8630, 9738
Entry: 87.1% complete