[ERPSCAN-13-013] SAProuter – Heap Overflow

DSECRG Advisories

Application: SAP Network Interface Router (SAProuter)
Versions Affected: 7.30 (Basis 720 SP 0, Kernel 720 patch 68)
Vendor URL: http://www.sap.com
Bugs: Heap Overflow
Risk: High (RCE, DoS)
Exploits: YES
Reported: 25.01.2013
Vendor response: 26.01.2013
Date of SAP Security Note Published: 14.05.2013
Date of Public Advisory: 20.05.2013
Reference: SAP Security Note 1820666
Author: George Nosenko (ERPScan)

A remote attacker may be able to execute arbitrary code or perform a DoS attack on SAProuter by sending NI Route messages with specially crafted fields and payload.

Business Risk
This vulnerability can lead to remote command execution on SAProuter without authorization.

