arch bugs in sap software deployment manager evgeny neyolov feat. dmitry chastuhin erp security...
DESCRIPTION
Arch bugs in SAP Software Deployment Manager Evgeny Neyolov feat. Dmitry Chastuhin ERP Security Analyst. SAP NetWeaver Development Infrastructure. Design Time Repository (DTR) Component Build Service (CBS) Change Management Service (CMS) Software Landscape Directory (SLD) / NS - PowerPoint PPT PresentationTRANSCRIPT
Invest in securityto secure investments
Arch bugs in SAP Software Deployment Manager
Evgeny Neyolov feat. Dmitry ChastuhinERP Security Analyst
SAP NetWeaver Development Infrastructure
• Design Time Repository (DTR)• Component Build Service (CBS)• Change Management Service (CMS)• Software Landscape Directory (SLD) / NS• Software Deployment Manager (SDM)
erpscan.com 2ERPScan — invest in security to secure investments
SAP NetWeaver Development Infrastructure
erpscan.com 3ERPScan — invest in security to secure investments
SAP NetWeaver Development Infrastructure
erpscan.com 4ERPScan — invest in security to secure investments
SAP NetWeaver Development Infrastructure
erpscan.com 5ERPScan — invest in security to secure investments
SAP NetWeaver Development Infrastructure
erpscan.com 6ERPScan — invest in security to secure investments
SAP NetWeaver Development Infrastructure
erpscan.com 7ERPScan — invest in security to secure investments
SAP NetWeaver Development Infrastructure
erpscan.com 8ERPScan — invest in security to secure investments
Software Deployment Manager
• Single interface for the deployment• Deploy apps (*.ear, *.war, *.sda)• Implement custom patches• only one user at time• only hardcoded admin user
9erpscan.com ERPScan — invest in security to secure investments
SDM + UME = Love
• User Management Engine• affects almost all SAP-Java-stuff
10erpscan.com ERPScan — invest in security to secure investments
SDM Attack Intro
• thick client Java application (sad story)• SAP has own SAP Java Virtual Machine (JVM)• Java 6 has Attach API• attaching to another JVM at runtime• intercept and modify calls
11erpscan.com ERPScan — invest in security to secure investments
SDM Post Exploitation
12erpscan.com ERPScan — invest in security to secure investments
Post Exploitation
13erpscan.com ERPScan — invest in security to secure investments