Metasploit mailing list archives
Re: Is the new SAP NetWeaver CVE-2012-2611 a NON-DEFAULT configuration exploit?
From: Joshua Smith <lazydj98 () gmail com>
Date: Thu, 6 Sep 2012 16:11:56 -0500
Richard, running the 'info' command on that module gives:

    This module exploits a stack buffer overflow in the SAP NetWeaver Dispatcher service. The overflow occurs in the DiagTraceR3Info() function and allows a remote attacker to execute arbitrary code by supplying a special crafted Diag packet. The Dispatcher service is only vulnerable if the Developer Traces have been configured at levels 2 or 3. The module has been successfully tested on SAP Netweaver 7.0 EHP2 SP6 over Windows XP SP3 and Windows 2003 SP2 (DEP bypass).

So I would say you are correct; however, ultimately it's up to the specific method of installation and version of the installer, etc., so the best the module writer can do is state the facts (as they did) and maybe add something like "typically this is not the default configuration" or something similar.

-Josh

On Sep 6, 2012, at 3:19 PM, Richard Miles wrote:
> Hi,
>
> I was reading the Metasploit blog and I found this post (https://community.rapid7.com/community/metasploit/blog/2012/09/06/cve-2012-2611-the-walk-to-the-shell) and it says "This module exploits an unauthenticated buffer overflow, discovered by Martin Gallo, in the DiagTraceR3Info() function where tracing is enabled on SAP NetWeaver."
>
> This makes me believe that this vulnerability is not exploited on the default configuration of SAP NetWeaver. Is someone able to confirm?
>
> Thanks.

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework