Intrusion Prevention

SAP.ITS.AGate.Buffer.Overflow

Description

It indicates a possible exploit of buffer overflow Vulnerability in SAP Internet Transaction Server (ITS).


SAP Internet Transaction Server (ITS) is an interface used to integrate SAP software to the Internet for Microsoft Windows, Linux, and Unix-based operating systems. A buffer overflow vulnerability is reported in it that may allow an attacker to execute arbitrary code via long HTTP Content-Type header , via long ~command, ~runtimemode, or ~session parameters . This is due to AGate component for SAP Internet Transaction Server failure to properly sanitize HTTP Content-Type header , ~command, ~runtimemode, or ~session parameters leading to be exploited by an attacker . By sending a long command, runtimemode or session parameter or HTTP Content-Type field, a remote attacker could overflow a buffer and execute arbitrary code on the vulnerable system.


An information leak was also reported in /scripts/wgate/?~command=AgateInstallCheck. The function displays information about all installed DLLs, including the version number and installation path.

Affected Products

SAP Internet Transaction Server (ITS) prior to 4.6 PL463 , prior to 6.10 PL30 and prior to 6.20 PL7.

Impact

Compromise of the affected system.

Recommended Actions

Upgrade to SAP ITS 6.20 PL7, 6.10 PL30, and 4.6 PL463

CVE References

CVE-2003-1036