• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1298433

Главная Специалистам База уязвимостей Не установлено обновление Note 1298433

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1298433-21) SAP Support Packages (SAP_KERNEL_46D_EXT_64_BIT_999999_999999, SAP_KERNEL_46D_EXT_64_BIT_SP2508_002508, SAP_KERNEL_46D_EXT_64_BIT_SP2523_002523, SAP_KERNEL_46D_EXT_64_BIT_SP2527_002527, SAP_KERNEL_46D_EXT_64_BIT_SP999999_999999, SAP_KERNEL_640_32_BIT_999999_999999, SAP_KERNEL_640_32_BIT_SP317_000317, SAP_KERNEL_640_32_BIT_SP999999_999999, SAP_KERNEL_640_32_BIT_UNICODE_999999_999999, SAP_KERNEL_640_32_BIT_UNICODE_SP317_000317, SAP_KERNEL_640_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_640_64_BIT_999999_999999, SAP_KERNEL_640_64_BIT_SP317_000317, SAP_KERNEL_640_64_BIT_SP999999_999999, SAP_KERNEL_640_64_BIT_UNICODE_999999_999999, SAP_KERNEL_640_64_BIT_UNICODE_SP317_000317, SAP_KERNEL_640_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_640_EX2_32_BIT_999999_999999, SAP_KERNEL_640_EX2_32_BIT_SP317_000317, SAP_KERNEL_640_EX2_32_BIT_SP999999_999999, SAP_KERNEL_640_EX2_32_BIT_UC_999999_999999, SAP_KERNEL_640_EX2_32_BIT_UC_SP317_000317, SAP_KERNEL_640_EX2_32_BIT_UC_SP999999_999999, SAP_KERNEL_640_EX2_64_BIT_999999_999999, SAP_KERNEL_640_EX2_64_BIT_SP317_000317, SAP_KERNEL_640_EX2_64_BIT_SP999999_999999, SAP_KERNEL_640_EX2_64_BIT_UC_999999_999999, SAP_KERNEL_640_EX2_64_BIT_UC_SP317_000317, SAP_KERNEL_640_EX2_64_BIT_UC_SP999999_999999, SAP_KERNEL_700_32_BIT_999999_999999, SAP_KERNEL_700_32_BIT_SP241_000241, SAP_KERNEL_700_32_BIT_SP253_000253, SAP_KERNEL_700_32_BIT_SP999999_999999, SAP_KERNEL_700_32_BIT_UNICODE_999999_999999, SAP_KERNEL_700_32_BIT_UNICODE_SP241_000241, SAP_KERNEL_700_32_BIT_UNICODE_SP253_000253, SAP_KERNEL_700_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_700_64_BIT_999999_999999, SAP_KERNEL_700_64_BIT_SP241_000241, SAP_KERNEL_700_64_BIT_SP253_000253, SAP_KERNEL_700_64_BIT_SP999999_999999, SAP_KERNEL_700_64_BIT_UNICODE_999999_999999, SAP_KERNEL_700_64_BIT_UNICODE_SP241_000241, SAP_KERNEL_700_64_BIT_UNICODE_SP253_000253, SAP_KERNEL_700_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_701_32_BIT_999999_999999, SAP_KERNEL_701_32_BIT_SP090_000090, SAP_KERNEL_701_32_BIT_SP171_000171, SAP_KERNEL_701_32_BIT_SP999999_999999, SAP_KERNEL_701_32_BIT_UNICODE_999999_999999, SAP_KERNEL_701_32_BIT_UNICODE_SP090_000090, SAP_KERNEL_701_32_BIT_UNICODE_SP171_000171, SAP_KERNEL_701_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_701_64_BIT_999999_999999, SAP_KERNEL_701_64_BIT_SP090_000090, SAP_KERNEL_701_64_BIT_SP171_000171, SAP_KERNEL_701_64_BIT_SP999999_999999, SAP_KERNEL_701_64_BIT_UNICODE_999999_999999, SAP_KERNEL_701_64_BIT_UNICODE_SP090_000090, SAP_KERNEL_701_64_BIT_UNICODE_SP171_000171, SAP_KERNEL_701_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_710_32_BIT_999999_999999, SAP_KERNEL_710_32_BIT_SP186_000186, SAP_KERNEL_710_32_BIT_SP999999_999999, SAP_KERNEL_710_32_BIT_UNICODE_999999_999999, SAP_KERNEL_710_32_BIT_UNICODE_SP186_000186, SAP_KERNEL_710_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_710_64_BIT_999999_999999, SAP_KERNEL_710_64_BIT_SP186_000186, SAP_KERNEL_710_64_BIT_SP999999_999999, SAP_KERNEL_710_64_BIT_UNICODE_999999_999999, SAP_KERNEL_710_64_BIT_UNICODE_SP186_000186, SAP_KERNEL_710_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_711_32_BIT_999999_999999, SAP_KERNEL_711_32_BIT_SP073_000073, SAP_KERNEL_711_32_BIT_SP999999_999999, SAP_KERNEL_711_32_BIT_UNICODE_999999_999999, SAP_KERNEL_711_32_BIT_UNICODE_SP073_000073, SAP_KERNEL_711_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_711_64_BIT_999999_999999, SAP_KERNEL_711_64_BIT_SP073_000073, SAP_KERNEL_711_64_BIT_SP999999_999999, SAP_KERNEL_711_64_BIT_UNICODE_999999_999999, SAP_KERNEL_711_64_BIT_UNICODE_SP073_000073, SAP_KERNEL_711_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_720_32_BIT_999999_999999, SAP_KERNEL_720_32_BIT_SP034_000034, SAP_KERNEL_720_32_BIT_SP999999_999999, SAP_KERNEL_720_32_BIT_UNICODE_999999_999999, SAP_KERNEL_720_32_BIT_UNICODE_SP034_000034, SAP_KERNEL_720_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_720_64_BIT_999999_999999, SAP_KERNEL_720_64_BIT_SP034_000034, SAP_KERNEL_720_64_BIT_SP999999_999999, SAP_KERNEL_720_64_BIT_UNICODE_999999_999999, SAP_KERNEL_720_64_BIT_UNICODE_SP034_000034, SAP_KERNEL_720_64_BIT_UNICODE_SP999999_999999)
Описание
This problem is caused by a program error in the kernel. For security  reasons, we will not provide any further details about the error.

Enhancement:

This affects all kernel releases.

We adjusted the behavior of the gateway in the first workaround. As a  result, however, certain programs could no longer register themselves  after you implemented the corrections. These were precisely those  programs that connected via a SAProuter. In more general terms, they  were the programs that connected via a proxy. Therefore, the kernel  correction is activated only when you set an instance profile parameter  in a second step (see solution) to ensure that live operation is not impeded after you apply the kernel.
Как исправить
Workaround:
If you cannot implement a correction as described below, you can protect your system with a firewall so that only trustworthy hosts are allowed to connect to the SAP gateway and the gateway is allowed to connect to trustworthy hosts only.

Programs that set up a connection with the gateway from a remote host must use a connection that is secured via Secure Network Communication (SNC) to prevent the data stream from being manipulated. You can use the following solutions for this:
You can use a connection between two SAProuters that is secured via SNC and covers the Wide Area Network (WAN) part of the connection.
You can use a virtual private network (VPN) tunnel that covers the WAN part of the connection.
Error correction:
Apply the highest kernel patch that is relevant for your kernel release, which can be found in the "SP Patch Level" section. You must also set the parameter
gw/reg_no_conn_info
to activate the increased security. (Caution: By setting the parameter, you can also make other security-relevant settings, see Note 1444282.)
The following patch levels are required for Kernel Releases 31I-45B:
31I: 784
40B: 1073
45B: 1004
For information about downloading Kernel Releases 31I-45B, see Note 52505 "Support after end of mainstream/extended maintenance".
Ссылки