SAP NetWeaver Vulnerabilities

March 1, 2013

SAP NetWeaver is a software/application platform that enables composition, provisioning, and management of SAP and non-SAP applications across a heterogeneous software environment. SAP NetWeaver deploys several services to handle incoming requests. One of these services, the Message Server, is used for communication between SAP systems and RFC clients.

Two vulnerabilities in the SAP NetWeaver Message Server (msg_server.exe) were reported. The vulnerabilities are due to insufficient validation of incoming messages. A remote attacker could exploit these vulnerabilities by sending crafted requests to msg_server.exe. Successful exploitation allows the attacker to execute arbitrary code in the context of the Message Server.

The vulnerabilities have been assigned CVE-2013-1592 and CVE-2013-1593.

Dell SonicWALL has released two IPS signatures to detect and block specific exploitation attempts targeting these vulnerabilities. The signatures are listed below:

  • 9667 SAP NetWeaver msg_server Memory Corruption
  • 9683 SAP NetWeaver msg_server Buffer Overflow