SAP Netweaver "EPS_DELETE_FILE ()" Arbitrary File Deletion Vulnerability

Release date:
Updated on:

Affected Systems:
SAP NetWeaver 7.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 49321

SAP NetWeaver is a service-oriented application and integration platform. It provides a development and running environment for SAP applications, and can also be used to customize development and integration with other applications and systems.

SAP NetWeaver has the Arbitrary File Deletion vulnerability in EPS_DELETE_FILE, remote attackers can exploit this vulnerability to delete arbitrary files on affected computers or use SMBRelay to steal the hash of SAP server accounts in Windows.

Attackers can use the default SAP account (such as TMSADM or SAPCPIC) to remotely execute the EPS_DELETE_FILE function to delete arbitrary files in the OS, send the hash of the SAP account to the remote host, or execute smbrelay attacks.

<* Source: Alexey Sintsov (don_huan@xakep.ru)

Link: http://dsecrg.com/pages/vul/show.php? Id = 331
Https://service.sap.com/sap/support/notes/1554030
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

SAP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.sap.com/platform/netweaver/index.epx