Metasploit mailing list archives

Re: Is the new SAP NetWeaver CVE-2012-2611 a NON-DEFAULT configuration exploit?


From: Joshua Smith <lazydj98 () gmail com>
Date: Thu, 6 Sep 2012 16:11:56 -0500

Richard,

running the 'info' command on that module gives:
This module exploits a stack buffer overflow in the SAP NetWeaver 
  Dispatcher service. The overflow occurs in the DiagTraceR3Info() 
  function and allows a remote attacker to execute arbitrary code by 
  supplying a special crafted Diag packet. The Dispatcher service is 
  only vulnerable if the Developer Traces have been configured at 
  levels 2 or 3. The module has been successfully tested on SAP 
  Netweaver 7.0 EHP2 SP6 over Windows XP SP3 and Windows 2003 SP2 (DEP 
  bypass).

So I would say you are correct, however ultimately it's up to the specific method of installation and version of the 
installer etc, so the best the module writer can do is state the facts (as they did) and maybe add something like 
"typically this is not the default configuration" or something similar.

-Josh

On Sep 6, 2012, at 3:19 PM, Richard Miles wrote:

Hi

I was reading the Metasploit blog and I found this post 
(https://community.rapid7.com/community/metasploit/blog/2012/09/06/cve-2012-2611-the-walk-to-the-shell) and it says 
"This module exploits an unauthenticated buffer overflow, discovered by Martin Gallo, in the DiagTraceR3Info() 
function where tracing is enabled on SAP NetWeaver." This makes me believe that this vulnerability is not exploited 
on the default configuration of SAP NetWeaver. Is someone able to confirm?

Thanks.
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
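The module description above ties exploitability to the Developer Trace level (2 or 3). A defender's first question is therefore whether a given instance actually runs at that level. The following script is an added example, not code from the thread or from the Metasploit module: it parses an SAP instance profile and reports whether the trace level falls into the range the module description names. It assumes that the trace level is set by the profile parameter `rdisp/TRACE` and that an unset parameter means a default level of 1 (both are assumptions, marked in the code); the profile text is constructed for the example.

```python
"""Flag SAP instance profiles whose developer trace level is 2 or 3.

Added example: checks the condition named in the module description
("only vulnerable if the Developer Traces have been configured at
levels 2 or 3"). Assumptions: the level is set via the profile
parameter rdisp/TRACE, and an absent parameter means level 1.
"""
import re
from typing import Dict, Optional

# Constructed sample profile, not taken from a real system.
SAMPLE_PROFILE = """\
# Instance profile (constructed example)
SAPSYSTEMNAME = PRD
INSTANCE_NAME = DVEBMGS00
rdisp/TRACE = 2
rdisp/wp_no_dia = 10
"""

TRACE_PARAM = "rdisp/TRACE"      # assumption: parameter carrying the trace level
ASSUMED_DEFAULT_TRACE = 1        # assumption: level used when the parameter is absent
EXPOSED_LEVELS = {2, 3}          # levels named in the module description

_PARAM_RE = re.compile(r"^\s*([^=\s]+)\s*=\s*(.*?)\s*$")


def parse_profile(text: str) -> Dict[str, str]:
    """Return {parameter: value} for every 'name = value' line.

    Lines starting with '#' are comments; other lines that do not
    look like an assignment are ignored.
    """
    params: Dict[str, str] = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = _PARAM_RE.match(line)
        if m:
            params[m.group(1)] = m.group(2)
    return params


def trace_level(params: Dict[str, str]) -> Optional[int]:
    """Resolve the effective trace level, or None if the value is not numeric."""
    raw = params.get(TRACE_PARAM)
    if raw is None:
        return ASSUMED_DEFAULT_TRACE
    try:
        return int(raw)
    except ValueError:
        return None


def assess(text: str) -> Dict[str, object]:
    """Summarise whether the profile meets the trace-level precondition."""
    params = parse_profile(text)
    level = trace_level(params)
    if level is None:
        return {
            "level": None,
            "exposed": None,
            "note": f"{TRACE_PARAM} has a non-numeric value: {params[TRACE_PARAM]!r}; inspect manually",
        }
    exposed = level in EXPOSED_LEVELS
    explicit = TRACE_PARAM in params
    note = (
        f"{TRACE_PARAM}={level} ({'set in profile' if explicit else 'assumed default'}); "
        + ("trace level matches the precondition described in the module info"
           if exposed else "trace level is outside the range named in the module info")
    )
    return {"level": level, "exposed": exposed, "note": note}


if __name__ == "__main__":
    result = assess(SAMPLE_PROFILE)
    print(result["note"])
```

Run it against a real profile by reading the file into `assess()`; a result with `exposed` set to `True` means the instance is running at one of the trace levels the module description requires, which is a configuration to review regardless of patch status.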
