Bypassing sec_info without reg_info, SAP security note 1434117

Description

Note 614971 describes how you can control restarting and registering programs (gw/sec_info).

As of kernel release 640, the parameter gw/reg_info also exists; this parameter refers to an ADDITIONAL file that is only for registration to ensure that the rules for RESTARTING and REGISTERING are defined in separate files.

If you do not set gw/reg_info (up to and including Kernel Release 7.11), the system continues to use only the file that was defined under gw/sec_info to restart AND register.

If you do not use gw/reg_info to define a single file for registration, you may be able to restart external programs for which no specific rule is defined.

Available fix and Supported packages

SAP_APPL | 31I | 31I
SAP_APPL | 40B | 40B
SAP_APPL | 45B | 45B
SAP_BASIS | 46D | 46D
SAP_BASIS | 640 | 640
SAP_BASIS | 700 | 702
SAP_BASIS | 710 | 730
SAP KERNEL 4.6D_EX2 32-BIT | SP2527 | 002527
SAP KERNEL 4.6D_EX2 64-BIT | SP2527 | 002527
SAP KERNEL 4.6D_EXT 32-BIT | SP2527 | 002527
SAP KERNEL 4.6D_EXT 64-BIT | SP2527 | 002527
SAP KERNEL 6.40 32-BIT | SP328 | 000328
SAP KERNEL 6.40 32-BIT UNICODE | SP328 | 000328
SAP KERNEL 6.40 64-BIT | SP328 | 000328
SAP KERNEL 6.40 64-BIT UNICODE | SP328 | 000328
SAP KERNEL 6.40_EX2 32-BIT | SP328 | 000328
SAP KERNEL 6.40_EX2 32-BIT UC | SP328 | 000328
SAP KERNEL 6.40_EX2 64-BIT | SP328 | 000328
SAP KERNEL 6.40_EX2 64-BIT UC | SP328 | 000328
SAP KERNEL 7.00 32-BIT | SP255 | 000255
SAP KERNEL 7.00 32-BIT UNICODE | SP255 | 000255
SAP KERNEL 7.00 64-BIT | SP255 | 000255
SAP KERNEL 7.00 64-BIT UNICODE | SP255 | 000255
SAP KERNEL 7.01 32-BIT | SP092 | 000092
SAP KERNEL 7.01 32-BIT UNICODE | SP092 | 000092
SAP KERNEL 7.01 64-BIT | SP092 | 000092
SAP KERNEL 7.01 64-BIT UNICODE | SP092 | 000092

Affected component

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1434117

RedRays SAP Security Team

Bypassing sec_info without reg_info, SAP security note 1434117

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#gw/sec_info
#gw/reg_info
#sec_info
#reg_info
#secinfo
#reginfo

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Secure Your SAP BTP Applications: A Guide to Protecting Your Business in the Cloud

SAP Security Patch Day – April 2024

SAP Security Patch Day – March 2024

SAP Cloud Connector Certificate Validation Issue

RedRays SAP Security Team

Bypassing sec_info without reg_info, SAP security note 1434117

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#gw/sec_info#gw/reg_info#sec_info#reg_info#secinfo#reginfo

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Secure Your SAP BTP Applications: A Guide to Protecting Your Business in the Cloud

SAP Security Patch Day – April 2024

SAP Security Patch Day – March 2024

SAP Cloud Connector Certificate Validation Issue

#gw/sec_info
#gw/reg_info
#sec_info
#reg_info
#secinfo
#reginfo