SAProuter Password Timing Attack Vulnerability
Release date: 2014-04-16
Updated: 2014-04-18
Affected systems:
SAP SAProuter 721 patch level 117
SAP SAProuter 720 patch level 411
SAP SAProuter 710 patch level 029
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 66938
CVE(CAN) ID: CVE-2014-0984
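SAProuter is an application-level gateway used to connect systems within an SAP architecture.
SAProuter allows or denies network connections according to a "Route Permission Table", and each entry in the table has a password. In versions 721 patch level 117, 720 patch level 411 and 710 patch level 029, the function passwordCheck aborts its evaluation loop as soon as it hits a non-matching password, which leaks a timing difference. Through a timing side-channel attack, an attacker can recover the plaintext "Route Permission Table" password.
<*Source: Martin Gallo
Link: http://secunia.com/advisories/57993/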
*>
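The early-exit comparison described above, next to a fixed-work alternative, as an added C example (not SAP's code and not part of the original advisory). The function names, `PW_MAX` and the sample password are assumptions; the step counter is a deterministic stand-in for the time an observer would measure.

```c
#include <stdio.h>
#include <string.h>

#define PW_MAX 64   /* assumed fixed buffer size, not a SAProuter value */

/* Flawed pattern: returns at the first mismatching byte, so the work done
 * (and the time taken) equals the length of the matching prefix plus one. */
int check_early_exit(const char *supplied, const char *stored, size_t *steps)
{
    for (size_t i = 0;; i++) {
        *steps = i + 1;                      /* bytes examined so far */
        if (supplied[i] != stored[i])
            return 0;
        if (stored[i] == '\0')
            return 1;
    }
}

/* Copy s into a zero-padded fixed-size buffer; returns 0 if s does not fit. */
static int pad_copy(unsigned char out[PW_MAX], const char *s)
{
    size_t i = 0;
    memset(out, 0, PW_MAX);
    for (; i < PW_MAX - 1 && s[i] != '\0'; i++)
        out[i] = (unsigned char)s[i];
    return s[i] == '\0';
}

/* Hardened pattern: always examines PW_MAX bytes and ORs the differences. */
int check_constant_time(const char *supplied, const char *stored, size_t *steps)
{
    unsigned char a[PW_MAX], b[PW_MAX];
    /* an overlong input on either side can never match */
    volatile unsigned char diff = (unsigned char)(!pad_copy(a, supplied) | !pad_copy(b, stored));
    *steps = 0;
    for (size_t i = 0; i < PW_MAX; i++, (*steps)++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

int main(void)
{
    const char *stored = "s3cretPW", *tries[] = { "xxxxxxxx", "s3cxxxxx", "s3cretPW" };
    for (size_t t = 0, e, c; t < 3; t++) {   /* constructed sample inputs */
        int re = check_early_exit(tries[t], stored, &e);
        int rc = check_constant_time(tries[t], stored, &c);
        printf("%-8s early=%d/%zu const=%d/%zu\n", tries[t], re, e, rc, c);
    }
    return 0;
}
```

The early-exit step count rises with each correct leading character, while the fixed-work variant reports the same count for every input.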
Recommendations:
--------------------------------------------------------------------------------
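Workarounds:
* Disable the use of passwords in the "Route Permission Table".
* Use Secure Network Communications (SNC) as the authentication mechanism for secure routing.
Vendor patch: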
SAP
---
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's site:
https://service.sap.com/sap/support/notes/
http://www.coresecurity.com/advisories/sap-router-password-timing-attack