SAP NetWeaver SAPHostControl Command Injection
Added: 08/29/2012
BID: 55084
OSVDB: 84821
Background
SAP NetWeaver is a technology platform for building and integrating SAP business applications.
Problem
The NetWeaver management console exposes an authenticated SOAP web service interface. During the authentication phase, user-supplied values in the SOAP request are passed as parameters to a child process. In NetWeaver 7.02 and prior, these parameters are not properly validated, which may allow an attacker to execute arbitrary commands on the server with the privileges of the service.
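The bug class described above, as an added illustration that is not code from this page, from SAP, or from the Context IS write-up: SAPHostControl is native code and its real operation, element and helper names are not given here, so the SOAP operation "Authenticate", the "Username"/"Password" elements, the helper path and the command-line shape are all hypothetical stand-ins. The example parses a constructed SOAP request, shows the vulnerable pattern (splicing the values into one shell command line) next to a hardened version (allowlist validation plus an argument vector with no shell), and gives a small check a reviewer or detection engineer can reuse.

```python
import re
import subprocess
import xml.etree.ElementTree as ET

# Constructed SOAP request for illustration; not a capture of real SAPHostControl
# traffic. Operation and element names are hypothetical. The Username carries a
# cmd.exe injection payload (encoded as XML entities so the document stays valid).
SOAP_REQUEST = """<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
                   xmlns:ns="urn:example:hostcontrol">
  <SOAP-ENV:Body>
    <ns:Authenticate>
      <ns:Username>admin&amp; whoami &gt; c:\\pwned.txt</ns:Username>
      <ns:Password>secret</ns:Password>
    </ns:Authenticate>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
"""

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "ns": "urn:example:hostcontrol",
}

# Hypothetical child process the service would spawn to check credentials.
HELPER = r"C:\Program Files\Example\checkauth.exe"

# Characters that cmd.exe treats specially; any of these in a value that ends up
# on a command line is an injection attempt and worth alerting on.
CMD_METACHARS = set('&|<>^%!"\r\n\x00')


def parse_credentials(envelope: str) -> tuple[str, str]:
    """Pull the two authentication values out of the SOAP body."""
    root = ET.fromstring(envelope)
    auth = root.find("soap:Body/ns:Authenticate", NS)
    if auth is None:
        raise ValueError("no Authenticate element in SOAP body")
    user = auth.findtext("ns:Username", default="", namespaces=NS)
    pwd = auth.findtext("ns:Password", default="", namespaces=NS)
    return user, pwd


def looks_like_injection(value: str) -> bool:
    """Cheap check usable on request logs: does the value carry cmd metacharacters?"""
    return any(c in CMD_METACHARS for c in value)


def build_command_line_vulnerable(user: str, pwd: str) -> str:
    """The bug pattern: untrusted values spliced into a single line handed to a shell.

    Anything after an '&' in user or pwd becomes a second command running as
    the service account. Returned as a string only; never executed here.
    """
    return f'cmd.exe /c "{HELPER}" -u {user} -p {pwd}'


_SAFE_USERNAME = re.compile(r"[A-Za-z0-9_.\-@]{1,64}")


def build_argv_hardened(user: str, pwd: str) -> list[str]:
    """Allowlist the inputs, then pass an argument vector instead of a shell string."""
    if not _SAFE_USERNAME.fullmatch(user):
        raise ValueError("username contains disallowed characters")
    if not pwd or looks_like_injection(pwd):
        raise ValueError("password contains disallowed characters")
    # No cmd.exe in the path. On Windows, subprocess still flattens this list to
    # one string for CreateProcess, but via subprocess.list2cmdline, which quotes
    # each argument. (A real fix would also keep the password off the command
    # line entirely, since it is visible in the process list.)
    return [HELPER, "-u", user, "-p", pwd]


def hardened_rejects(user: str, pwd: str) -> bool:
    """True if the hardened builder refuses the pair (used for the worked check)."""
    try:
        build_argv_hardened(user, pwd)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    user, pwd = parse_credentials(SOAP_REQUEST)
    print("injection suspected:", looks_like_injection(user))
    print("vulnerable command line:", build_command_line_vulnerable(user, pwd))
    print("hardened rejects payload:", hardened_rejects(user, pwd))
    print("hardened argv for a clean login:", build_argv_hardened("admin", "s3cret"))
    print("as one Windows command line:",
          subprocess.list2cmdline(build_argv_hardened("admin", "s3cret")))
```

The argument-vector form alone is not enough on Windows, because every child ultimately receives a single command-line string and the child decides how to split it; the allowlist check is what keeps a metacharacter from ever reaching that string. The same `looks_like_injection` predicate, run over logged SOAP authentication values, is a reasonable first detection for attempts against an unpatched host.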
Resolution
An update is available through the SAP customer portal. Please see SAP Security Note 1341333 (login required).
References
http://www.contextis.com/research/blog/sap4/
Limitations
This exploit has been tested against SAP NetWeaver 7.02 SP06 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 (DEP OptOut).
Platforms
Windows


