-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
(The following advisory is also available in PDF format for download at:
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_B
uffer_Overflow.pdf )
CYBSEC S.A.
www.cybsec.com
http://www.cybsec.com/vulnerability_policy.pdf
"The IGS provides a server architecture where data from an SAP System or other sources can be used to generate graphical or non-graphical output."
It is important to note that IGS is installed and activated by default with the Web Application Server (versions >= 6.30)
A specially crafted HTTP request can trigger a remote buffer overflow in SAP IGS service.
Technical details will be released three months after publication of this pre-advisory. This was agreed upon with SAP to allow their customers to upgrade affected software prior to technical knowledge
been publicly available.
Under UNIX systems, successful exploitation of this vulnerability may allow an attacker to execute remote code with the privileges of the SAP System Administrator account (<SID>adm), allowing him to
take full control of the SAP system installation.
Under Microsoft Windows systems, successful exploitation of this vulnerability may allow an attacker to execute remote code with the privileges of the LocalSystem account, allowing him to take full
control of the entire system.
SAP has released patches to address this vulnerability. Affected customers should apply the patches immediately.
More information can be found on SAP Note 968423.
Thanks goes to Carlos Diaz and Victor Montero.
For more information regarding the vulnerability feel free to contact the author at mnunez {at} cybsec.com. Please bear in mind that technical details will be disclosed to the general public three
months after the release of this pre-advisory.
For more information regarding CYBSEC: www.cybsec.com
(c) 2006 - CYBSEC S.A. Security Systems
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFE238ybbZGNCayCJkRAuKFAJ4x9eiykQZS7EvtjXBpZ41ibsKT4ACgqi8g
5Yqr42pvuNEnNohuAqhUfiQ=
=47q+
-----END PGP SIGNATURE-----