Vulnerability title: Denial Of Service Via Names Pipes In SAP ECC
|Fixed version:||7.21 HOST Agent Support Package SP007 Patch Level 00007|
|Reported by:||Sam Barltrop|
If you check the permissions for named pipes on a system running SAP, the sap services will end up in an infinite loop and will start using up resources. Initially, the processes will reach 100% and start to consume memory. Once the memory has been filled, the disk will start to be filled up. It can take some time for a DoS to become apparent, but the processes taking up a lot of CPU is instant.
Due to restrictions encountered during testing, Portcullis were unable to perform a detailed analysis of this issue before reporting it to SAP. Portcullis would therefore like to thank SAP for working with us to successfully identify the root cause and an appropriate resolution.
An attacker with access to the underlying operating system could cause a Denial of Service by checking the ACLs of named pipes on the system.
accesschk.exe -q -s -w everyone \pipe\*
Restrict local user access.
|17/07/2015||Initial vendor contact established|
|08/12/2015||SAP released a patch and accompanying SAP Security Note (2220064) for the issue|
|18/01/2016||MITRE assigned CVE-2016-1921|
Copyright @ Portcullis Computer Security Limited 2016, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited.
The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user’s risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.