From ThreatPost:
Remotely Exploitable Vulnerabilities in SAP Compression Algorithms
The two primary compression algorithms used by SAP SE products, some of the most popular enterprise and business management software platforms on the market, contain multiple, remotely exploitable security vulnerabilities.
Martin Gallo of Core Security Consulting Services found vulnerabilities in the decompression routines of two compression algorithms deployed across SAP’s line of products. SAP uses proprietary implementations of the Lempel-Ziv-Thomas (LZC) adaptive dictionary compression algorithm and the Lempel-Ziv-Huffman (LZH) compression algorithm. Gallo was able to trigger these exploits in different scenarios in order to remotely and locally execute arbitrary code and cause denial of service conditions.
No comments:
Post a Comment