Skip links

Standalone enqueue server crashes, SAP security note 948457

Description

The standalone enqueue server crashes. In one of the dev_enqio_* files, the system displays the following C-stack:

(strcpyU16+0x191)[0x4e48c7]
(_ZN20EnAdmGetFileResponseC1EP19EnAdmGetFileRequestiPKt+0xa1)[0x44e5ab]
(_ZN19EnAdmGetFileRequestC1EP9EnsMemObj+0xdb)[0x44b443]
(_ZN12EnAdmRequest13createRequestEP9EnsMemObjmb+0x416)[0x44a744]
(_ZN8IOThread13createRequestER6EncMsg+0x32e)[0x4654fa]
(_ZN8IOThread7WalkNetEi+0xd4)[0x46564e]
(_ZN8IOThread4LoopEv+0x195)[0x466cf7]
(_ZN9EnsThread10ThreadMainEPv+0x4a)[0x4612b0]

(Depending on the platform, the C-stack output varies. The example above was created on Linux-X86_64).

Available fix and Supported packages

  • SAP_BASIS | 610 | 640
  • SAP_BASIS | 700 | 700

Affected component

    BC-CST-EQ
    Enqueue

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/948457

TAGS

#

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies