Symptom
Several security vulnerabilities were discovered and subsequently fixed in revision 15 of SAP HANA.
Other Terms
SAP HANA
Reason and Prerequisites
Details of the most serious vulnerabilities discovered are described below:
Directory traversal
HANA contains a vulnerability through which a malicious user can potentially write specific files on the remote server, possibly corrupting data or altering system behaviour. The component fails to correctly validate the path that is used to reference a file that is read from the remote server. As a result, a malicious user can potentially direct the program to other specific files in the system, thereby altering their contents.
Memory Corruption
A malicious user can remotely exploit HANA to make it terminate. The issue is caused by a memory corruption: a malicious user can provoke a condition in which the process attempts to read outside its memory space, causing a memory protection fault. As a result, the system terminates the process, rendering the application unusable until it is restarted.
Solution
Update your SAP HANA to Revision 15 or higher.
Header Data
Released On | 12.09.2011 11:48:35 |
Release Status | Released for Customer |
Component | HAN-DB SAP HANA Database |
Priority | Correction with high priority |
Category | Release planning information |