TITLE:
SAP Business Connector Arbitrary File Access and Spoofing

SECUNIA ADVISORY ID:
SA18880

VERIFY ADVISORY:
http://secunia.com/advisories/18880/

CRITICAL:
Moderately critical

IMPACT:
Spoofing, Manipulation of data

WHERE:
From remote

SOFTWARE:
SAP Business Connector 4.x
http://secunia.com/product/7871/

DESCRIPTION:
Leandro Meiners has reported two vulnerabilities in SAP Business Connector (BC), which can be exploited by malicious people to conduct spoofing attacks or by malicious users to perform certain actions with escalated privileges.

1) An unspecified error can be exploited to read or delete arbitrary files on the system with the privileges of the SAP BC process. The BC process reportedly runs with administrator privileges on Windows systems and with root privileges on UNIX systems by default, so a successful attack is not confined to the BC installation directory.

The vulnerability has been reported in versions 4.6 and 4.7.

2) An unspecified error can be exploited to conduct spoofing attacks against the SAP BC administrator, e.g. by tricking the administrator into clicking on a link that loads a spoofed web site within an HTML frame of the BC administration interface.

The vulnerability has been reported in SAP BC Core Fix 7 and prior.

SOLUTION:
The vendor has reportedly released fixes for the vulnerabilities. See SAP notes 906401 and 908349 for details.

PROVIDED AND/OR DISCOVERED BY:
Leandro Meiners, Cybsec S.A.

ORIGINAL ADVISORY:
http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Arbitrary_File_Read_or_Delete_in_SAP_BC.pdf
http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Phishing_Vector_in_SAP_BC.pdf

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

----------------------------------------------------------------------
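The second issue above is a frame-injection phishing vector: a crafted link makes the BC administration pages load an attacker-chosen site inside one of their own HTML frames, where it inherits the trust of the admin console's address bar. The advisory does not name the parameter involved, so the following is an added example, not code from the advisory, from CYBSEC or from SAP: a validator that a frameset page would apply to a requested frame target before emitting it, accepting only same-origin http(s) URLs and falling back to a fixed page otherwise. ADMIN_ORIGIN, the function names, the fallback path and the sample inputs are assumptions constructed for this example.

```javascript
// Added example, not code from the Secunia/CYBSEC advisory or from SAP BC.
// Assumed: the admin console is served from ADMIN_ORIGIN (hypothetical host)
// and takes a request parameter naming the page to show inside a frame.
const ADMIN_ORIGIN = "https://sapbc.example.internal:5555";

// Return the absolute URL to load into the frame, or null if the requested
// target would pull a foreign site (or a javascript:/data: URL) into it.
function safeFrameTarget(requested, origin = ADMIN_ORIGIN) {
  if (typeof requested !== "string" || requested.trim() === "") return null;
  let url;
  try {
    url = new URL(requested, origin); // relative paths resolve against origin
  } catch {
    return null; // unparseable input is rejected, not passed through
  }
  // Scheme allow-list first: javascript:, data:, file: never belong in src=.
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  // Same-origin check covers scheme, host and port, so "//evil.example/",
  // "https://host:5555@evil.example/" and a scheme downgrade all fail here.
  if (url.origin !== new URL(origin).origin) return null;
  return url.href;
}

// Build the frame markup with an attribute-escaped src, falling back to a
// fixed console page rather than echoing the rejected value anywhere.
function frameMarkup(requested, fallback = "/admin/index.html") {
  const target = safeFrameTarget(requested) ?? safeFrameTarget(fallback);
  const escaped = target
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
  return `<frame name="body" src="${escaped}">`;
}

// Constructed sample requests (not from the advisory): the kind of values an
// attacker-supplied link could place in the page parameter.
const SAMPLES = [
  "/admin/index.html?page=1",
  "//attacker.example/sapbc-login.html",
  "https://sapbc.example.internal:5555@attacker.example/",
  "http://sapbc.example.internal:5555/admin/index.html",
  "javascript:alert(document.cookie)",
];

// Map each sample to the URL the frame would actually receive (null = refused).
function classifySamples(samples = SAMPLES) {
  return Object.fromEntries(samples.map((s) => [s, safeFrameTarget(s)]));
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(classifySamples());
  console.log(frameMarkup("//attacker.example/sapbc-login.html"));
}
```

Only the first sample survives: the protocol-relative URL, the userinfo trick, the http downgrade and the javascript: scheme are all refused and replaced by the fixed fallback page. The same-origin comparison is done on `url.origin` rather than on a string prefix so that host, port and scheme are all compared after parsing.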