Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

GW Changes to the ACL list of the gateway (secinfo), SAP security note 614971

Description

In the secinfo file, you can define which external programs may be started or which external server programs may be registered on the gateway for up to and including Kernel Release 46D.

As of Release 6.40, the registration of external server programs is to be controlled using a separate file (reginfo). See Note 1069911 for more information.

The file name is defined by the parameter gw/reg_info. The default value for the path of the file is:
/usr/sap/<SID>/<INSTANCE>/data/secinfo

If the file does not exist, the system starts all external programs.

However, if the file exists but is empty, or if it does not contain valid lines, you must not start any external programs.

If you want to start an external program, the system searches the file for a valid entry. If it cannot find a valid entry, it refuses to start the external program and issues the following error message:

ERROR   user <usr> is not authorized to start TP <program name> on host
        <host>
RC      676 (GW_SECURITY_ERROR)

    1. In this case, all programs must be listed separately with the relevant program ID (TP). If the program ID is generated dynamically (for example, for the BeX Analyzer), you can use wildcards (as of a certain patch level, see TP syntax below).
    2. The host name (HOST ) and the host name of the user (USER HOST) must be specified separately. If there are many different hosts, this is very difficult.
    3. In the exceptional case that an external program wants to start another external program and both communications run on the same host, you must enter “local” as the USER-HOST, otherwise a rejection occurs.

Available fix and Supported packages

  • SAP_BASIS | 46B | 46D
  • SAP_BASIS | 620 | 640
  • SAP KERNEL 4.6D_EX2 32-BIT | SP2381 | 002381
  • SAP KERNEL 4.6D_EX2 64-BIT | SP2381 | 002381
  • SAP KERNEL 4.6D_EXT 32-BIT | SP2381 | 002381
  • SAP KERNEL 4.6D_EXT 64-BIT | SP2381 | 002381
  • SAP KERNEL 6.40 32-BIT | SP224 | 000224
  • SAP KERNEL 6.40 32-BIT UNICODE | SP224 | 000224
  • SAP KERNEL 7.00 32-BIT | SP150 | 000150
  • SAP KERNEL 7.00 32-BIT UNICODE | SP150 | 000150
  • SAP KERNEL 7.00 64-BIT | SP150 | 000150
  • SAP KERNEL 7.00 64-BIT UNICODE | SP150 | 000150

Affected component

    BC-CST-GW
    Gateway/CPIC

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/614971

TAGS

#secinfogw/sec_infoACL
#access-control-listGatewayBeX-Analyzer676-GW_SECURITY_ERROR

More to explorer

RedRays at Black Hat MEA 2023

🔒 “FROM ON-PREMISES TO CLOUD: A COMPREHENSIVE ANALYSIS OF SAP SECURITY ISSUES” 🔒 📅 17:40, Wed, Nov 15📍 Briefing Stage 4 At

SAP Security For All

RedRays Security Platform for Penetration testers and Bug hunters

The product package is specifically created for cyber security experts who have encountered SAP while participating in bug bounty programs.

RedRays Security Platform for SAP Consultants

The product package is designed for SAP consultants conducting security assessments of SAP ERP systems. We provide essential tools and resources to help professionals in this field conduct their work effectively.

RedRays Security Platform for Enterprises

The product package is specifically optimized to cater to the needs of both small/medium and large companies who are seeking to streamline the process of organizing a comprehensive security system for ERP systems.