Metasploit mailing list archives

Re: Is the new SAP NetWeaver CVE-2012-2611 a NON-DEFAULT configuration exploit?


From: Richard Miles <richard.k.miles () googlemail com>
Date: Thu, 6 Sep 2012 16:14:24 -0500

Thanks Joshua.

Yes, I think I was too happy for nothing. I tested it now in my environment
and it doesn't work; I think the Developer Traces are NOT configured at
levels 2 or 3 by default.

Thanks.

On Thu, Sep 6, 2012 at 4:11 PM, Joshua Smith <lazydj98 () gmail com> wrote:

Richard,

Running the 'info' command on that module gives:
This module exploits a stack buffer overflow in the SAP NetWeaver
  Dispatcher service. The overflow occurs in the DiagTraceR3Info()
  function and allows a remote attacker to execute arbitrary code by
  supplying a special crafted Diag packet. The Dispatcher service is
  only vulnerable if the Developer Traces have been configured at
  levels 2 or 3. The module has been successfully tested on SAP
  Netweaver 7.0 EHP2 SP6 over Windows XP SP3 and Windows 2003 SP2 (DEP
  bypass).

So I would say you are correct, however ultimately it's up to the specific
method of installation and version of the installer etc, so the best the
module writer can do is state the facts (as they did) and maybe add
something like "typically this is not the default configuration" or
something similar.

-Josh

On Sep 6, 2012, at 3:19 PM, Richard Miles wrote:

Hi

I was reading the Metasploit blog and I found this post (
https://community.rapid7.com/community/metasploit/blog/2012/09/06/cve-2012-2611-the-walk-to-the-shell)
and it says "This module exploits an unauthenticated buffer overflow,
discovered by Martin Gallo, in the DiagTraceR3Info() function where tracing
is enabled on SAP NetWeaver." This makes me believe that this vulnerability
is not exploitable on the default configuration of SAP NetWeaver. Is someone
able to confirm?

Thanks.
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
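As an added example, not from this thread or from the Metasploit module, here is a small defender-side audit of the precondition Josh quotes: it parses an SAP instance profile and reports whether the dispatcher developer-trace level is 2 or 3. It assumes that level is set by the profile parameter rdisp/TRACE (documented default 1) and uses a constructed profile fragment as input.

```python
# Added example: check an SAP instance profile for the precondition the
# module description names (developer trace level 2 or 3). Assumption: the
# dispatcher trace level is controlled by the profile parameter rdisp/TRACE,
# whose default is 1. The profile text below is constructed for illustration.
import re

VULNERABLE_TRACE_LEVELS = {2, 3}
DEFAULT_TRACE_LEVEL = 1  # assumed default when rdisp/TRACE is not set

SAMPLE_PROFILE = """\
# constructed instance profile fragment, not a real system
SAPSYSTEMNAME = NPL
INSTANCE_NAME = D00
rdisp/TRACE = 2
# rdisp/TRACE = 0   <- commented out, must be ignored by the audit
"""

def parse_profile(text):
    """Return {parameter: value} from 'key = value' lines; '#' lines are comments."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        params[key] = value  # assumption: the last assignment of a key wins
    return params

def dispatcher_trace_level(params):
    """Effective rdisp/TRACE level: explicit numeric value, else the default."""
    value = params.get("rdisp/TRACE")
    if value is None or not re.fullmatch(r"\d+", value):
        return DEFAULT_TRACE_LEVEL
    return int(value)

def audit_profile(text):
    """Summarise whether this profile meets the trace-level precondition."""
    params = parse_profile(text)
    level = dispatcher_trace_level(params)
    return {
        "trace_level": level,
        "explicitly_set": "rdisp/TRACE" in params,
        "meets_precondition": level in VULNERABLE_TRACE_LEVELS,
    }

if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE))
```

A profile that never sets rdisp/TRACE is reported at the default level, which is the "not default configuration" case the thread settles on.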


