SAP R/3 used with Oracle could allow an attacker to access SAP data

SECURITY (Intermediate alert)

원본출처 : http://www.iss.net/security_center/static/8972.php

Description:

SAP is a financial package that runs on top of Oracle databases. SAP R/3 using SQL*net V2 could allow a remote attacker to access SAP data. Upon default installation of SAP R/3 on an Oracle database, an attacker on the local network could access the Oracle listener port on the database host to read, write, or modify SAP data.

Platforms Affected:

Oracle: All Versions

SAP R/3: All Versions

Remedy:

No remedy available as of May 2002.

Refer to the BugTraq Mailing List posting dated Apr 27 2002 7:06AM for workaround information. See References.

Consequences:

Gain Access

References:

BugTraq Mailing List, Apr 27 2002 7:06AM, "SAP R/3 on Oracle: vulnerable Default Installation" at http://online.securityfocus.com/archive/1/269967

Standards associated with this entry:

BID-4613: SAP R/3 with Oracle Unauthorized Data Access Vulnerability

Reported:

April 27 2002.