Description
You want to tighten the security settings of the message server. To do this, you can configure the following:
- 1. whether external monitors such as the “msmon” monitoring program are allowed to connect to the message server;
- 2. the separation of internal and external communication;
- 3. the use of an ACL (Access Control List) for the message server.
The Solution section gives the details for the points listed above.
A further symptom is that no events can be triggered via sapevt. The following trace entries appear in the trace of the message server:
[Thr 3936] *** ERROR => MsSClientHandle: client 212.190.195.45 (212.190.
0.195.45) is EXTERNAL, access denied [msxxserv.c 4843]
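To see which clients the message server rejected as external, the trace can be scanned for entries of the shape shown above. The following is an added example, not part of the SAP note: the function names are hypothetical, the sample trace lines are constructed, and it assumes the trace text is passed in as a string and that a wrapped entry continues on a line that does not start with `[Thr `.

```python
import re
from collections import Counter

# Constructed sample in the shape of the trace entry above; the addresses are
# documentation ranges and the second entry is wrapped mid-token on purpose.
SAMPLE_TRACE = """\
[Thr 3936] *** ERROR => MsSClientHandle: client 192.0.2.10 (192.0.2.10) is EXTERNAL, access denied [msxxserv.c 4843]
[Thr 3936] *** ERROR => MsSClientHandle: client 198.51.100.7 (host7.example.
test) is EXTERNAL, access denied [msxxserv.c 4843]
[Thr 4012] unrelated trace line (constructed)
[Thr 3936] *** ERROR => MsSClientHandle: client 192.0.2.10 (192.0.2.10) is EXTERNAL, access denied [msxxserv.c 4843]
"""

# Matches the "is EXTERNAL, access denied" entry once it is back on one line.
DENIED = re.compile(
    r"\[Thr (?P<thread>\d+)\] \*\*\* ERROR => MsSClientHandle: "
    r"client (?P<client>\S+) \((?P<name>[^)]*)\) is EXTERNAL, access denied "
    r"\[(?P<src>\S+) (?P<line>\d+)\]"
)


def unwrap(text):
    """Rejoin trace entries that were wrapped onto a continuation line."""
    entries = []
    for raw in text.splitlines():
        if raw.startswith("[Thr ") or not entries:
            entries.append(raw)
        else:
            # Continuation: the wrap can fall mid-token, so join without a space.
            entries[-1] += raw
    return entries


def denied_clients(text):
    """Count rejected connection attempts per client address."""
    hits = Counter()
    for entry in unwrap(text):
        match = DENIED.search(entry)
        if match:
            hits[match.group("client")] += 1
    return hits


if __name__ == "__main__":
    for client, count in denied_clients(SAMPLE_TRACE).most_common():
        print(f"{client}\t{count}")
```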
Available fix and Supported packages
- SAP_BASIS | 640 | 640
- SAP_BASIS | 700 | 701
- SAP_BASIS | 710 | 720
- SAP_BASIS 700 | SAPKB70001 |
- SAP KERNEL 6.40 32-BIT | SP320 | 000320
- SAP KERNEL 6.40 32-BIT | SP321 | 000321
- SAP KERNEL 6.40 32-BIT UNICODE | SP320 | 000320
- SAP KERNEL 6.40 32-BIT UNICODE | SP321 | 000321
- SAP KERNEL 6.40 64-BIT | SP320 | 000320
- SAP KERNEL 6.40 64-BIT | SP321 | 000321
- SAP KERNEL 6.40 64-BIT UNICODE | SP320 | 000320
- SAP KERNEL 6.40 64-BIT UNICODE | SP321 | 000321
- SAP KERNEL 6.40_EX2 32-BIT | SP320 | 000320
- SAP KERNEL 6.40_EX2 32-BIT | SP321 | 000321
- SAP KERNEL 6.40_EX2 32-BIT UC | SP320 | 000320
- SAP KERNEL 6.40_EX2 32-BIT UC | SP321 | 000321
- SAP KERNEL 6.40_EX2 64-BIT | SP320 | 000320
- SAP KERNEL 6.40_EX2 64-BIT | SP321 | 000321
- SAP KERNEL 6.40_EX2 64-BIT UC | SP320 | 000320
- SAP KERNEL 6.40_EX2 64-BIT UC | SP321 | 000321
- SAP KERNEL 7.00 32-BIT | SP244 | 000244
- SAP KERNEL 7.00 32-BIT | SP246 | 000246
- SAP KERNEL 7.00 32-BIT UNICODE | SP244 | 000244
- SAP KERNEL 7.00 32-BIT UNICODE | SP246 | 000246
Affected component
- BC-CST-MS
Message Service
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/821875