Vulnerabilities > CVE-2016-5845 - Unspecified vulnerability in SAP Sapcar
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
SAP SAPCAR does not check the return value of file operations when extracting files, which allows remote attackers to cause a denial of service (program crash) via an invalid file name in an archive file, aka SAP Security Note 2312905.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | SAP SAPCAR - Multiple Vulnerabilities. CVE-2016-5845,CVE-2016-5847. Dos exploit for Linux platform |
| file | exploits/linux/dos/40230.txt |
| id | EDB-ID:40230 |
| last seen | 2016-08-10 |
| modified | 2016-08-10 |
| platform | linux |
| port | |
| published | 2016-08-10 |
| reporter | Core Security |
| title | SAP SAPCAR - Multiple Vulnerabilities |
| type | dos |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/138284/CORE-2016-0006.txt |
| id | PACKETSTORM:138284 |
| last seen | 2016-12-05 |
| published | 2016-08-11 |
| reporter | Core Security Technologies |
| source | https://packetstormsecurity.com/files/138284/SAP-CAR-Archive-Tool-Denial-Of-Service-Security-Bypass.html |
| title | SAP CAR Archive Tool Denial Of Service / Security Bypass |
References
- http://seclists.org/fulldisclosure/2016/Aug/46
- https://www.coresecurity.com/advisories/sap-car-multiple-vulnerabilities
- http://www.securityfocus.com/bid/92406
- https://www.onapsis.com/blog/denial-service-attacks-sap-security-notes-august-2016
- http://packetstormsecurity.com/files/138284/SAP-CAR-Archive-Tool-Denial-Of-Service-Security-Bypass.html
- https://www.exploit-db.com/exploits/40230/
- http://www.securityfocus.com/archive/1/539180/100/0/threaded