Trustwave SpiderLabs Security Advisory TWSL2017-005: Improper Input Validation Vulnerability in SAP Adaptive Server Enterprise Published: 02/10/2017 Version: 1.0 Vendor: SAP (www.sap.com) Product: Adaptive Server Enterprise (ASE) Version affected: 15.7, 16.0 Product description: Relational database management system for UNIX, Linux, and Windows platforms. Finding 1: Native library loading from shared SAP JRE lib location Credit: Martin Rakhmanov of Trustwave CVE: CVE-2017-5523 By default native libraries cannot be loaded in Adaptive Server Enterprise via Java. However the following code snippet will load JDWP library (libjdwp.so) from shared SAP JRE lib location (e.g. $SYBASE/shared/SAPJRE-7_1_027_64BIT/lib/amd64/): select java.lang.System.loadLibrary('jdwp') go This could be used in a chained attack where previously uploaded to the SAP JRE lib location library is loaded into ASE process thus executing arbitrary code. Remediation Steps: Apply one of these following vendor supplied patches: SAP ASE 15.7 SP138 SAP ASE 16.0 SP02 PL05 Additionally follow the instructions in SAP ASE cover letter for "Creating the jvm.wl file" Revision History: 01/12/2016 - Vulnerability disclosed to vendor 11/09/2016 - Patch released by vendor 01/24/2017 - Contacted vendor regarding incomplete fix 02/08/2017 - Vendor updated 2407845 bulletin 02/10/2017 - Advisory published References 1. https://launchpad.support.sap.com/#/notes/2407845 About Trustwave: Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations--ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers--manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, China and Australia. For more information, visit https://www.trustwave.com About Trustwave's SpiderLabs: SpiderLabs is the advance security team at Trustwave responsible for incident response and forensics, ethical hacking and application security tests for Trustwave's clients. SpiderLabs has responded to hundreds of security incidents, performed thousands of ethical hacking exercises and tested the security of hundreds of business applications for Fortune 500 organizations. For more information visit https://www.trustwave.com/spiderlabs Disclaimer: The information provided in this advisory is provided "as is" without warranty of any kind. Trustwave disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Trustwave or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Trustwave or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.