Social Icons

Thứ Bảy, 25 tháng 4, 2015

SAP patches ASE database login flaw - Computerworld

@ a< href="http://sap.rssfeeds.pw">Sap RSS News

SAP patched a flaw on Thursday that could allow an attacker to take complete control over a database, according to security vendor Trustwave.

The flaw (CVE-2014-6284) affects SAP's Adaptive Server Enterprise (ASE), a relational database for Unix, Linux and Windows systems, designed for high volumes of data-rich transactions. Vulnerable versions are 12.5, 15, 15.5, 15.7 and 16.

TrustWave's Martin Rakhmanov, a senior security researcher, found an error in the challenge and response mechanism used to access ASE. The account access gained is not a privileged account, but TrustWave said other flaws allow the privileges to be escalated to that of a database administrator.

"Combined with such privilege elevation vulnerabilities, this one allows complete takeover of the database server," TrustWave said in its advisory.

Trustwave published proof-of-concept code on GitHub. SAP has also released a security note, but login details are required to view it.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Sponsored Links



Subribe Sap Feeds

Không có nhận xét nào:

Đăng nhận xét

 

Sample text

Sample Text

Sample Text