SAP NetWeaver 7.0/7.02/7.03 msg_server.exe Stack-based buffer overflow
A vulnerability classified as critical was found in SAP NetWeaver 7.0/7.02/7.03. It affects an unknown function of the component msg_server.exe. Manipulation with an unknown input leads to a stack-based buffer overflow. Confidentiality, integrity, and availability are impacted. The CVE summary reads:
Multiple stack-based buffer overflows in msg_server.exe in SAP NetWeaver ABAP 7.x allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) long parameter value, (2) crafted string size field, or (3) long Parameter Name string in a package with opcode 0x43 and sub opcode 0x4 to TCP port 3900.
The weakness was published on 06/28/2012 by e6af8de8b1d4b2b6d5ba2610cbf9cd38 through the Zero Day Initiative as the confirmed advisory ZDI-12-104 (ZDI). The advisory is available for download at zerodayinitiative.com. The public release was coordinated with the vendor. This vulnerability has been handled as CVE-2012-4341 since 08/15/2012. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details are unknown but a private exploit is available. The structure of the vulnerability defines a possible price range of USD $2k-$5k at the moment.
The vulnerability was handled as a non-public zero-day exploit for at least 244 days. During that time the estimated underground price was around $25k-$50k.
Applying a patch eliminates this problem.
CVSSv3
Base Score: 10.0
Temp Score: 9.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:X/RL:O/RC:C
CVSSv2
Base Score: 9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
Temp Score: 8.1 (CVSS2#E:ND/RL:OF/RC:C)
Exploiting
Class: Buffer overflow (CWE-119)
Current Price Estimation: $25k-$50k (0-day) / $2k-$5k (Today)
Status: Official fix
0-Day Time: 244 days since found
Timeline
10/28/2011 Vendor informed
06/27/2012 +243 days SecurityTracker entry created
06/28/2012 +1 days Advisory disclosed
07/02/2012 +4 days OSVDB entry created
07/04/2012 +2 days VulDB entry created
08/15/2012 +42 days CVE assigned
08/15/2012 +0 days NVD disclosed
12/07/2015 +1209 days VulDB last update
Organization: Zero Day Initiative
CVE: CVE-2012-4341 (mitre.org) (nvd.nist.org) (cvedetails.com)
Secunia: 49744 - SAP NetWeaver Multiple Buffer Overflow Vulnerabilities, Moderately Critical
SecurityTracker: 1027211 - SAP NetWeaver ABAP Flaw in 'msg_server.exe' Lets Remote Users Execute Arbitrary Code
OSVDB: 83494 - SAP Netweaver msg_server.exe Multiple Boundary Error Package Handling Overflows
See also: 10310, 10987, 10990, 11001, 12312, 12314, 12315, 13005, 60737, 60738, 8450, 8451, 8630, 9738
Entry: 86.9% complete