• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1529849

Главная Специалистам База уязвимостей Не установлено обновление Note 1529849

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1529849-2)
Описание
The gateway must have at least the following patch level as described in Note
1298433.

710: 186
711: 73
720: 34
Как исправить
To protect the gateway from unauthorized access, you must maintain the two ACL files secinfo (restarting external programs) and reginfo (registering RFC servers).

The files are defined by the gateway parameters
gw/sec_info and gw/reg_info.

The default value is:

gw/seg_info = $(DIR_DATA)/secinfo$(DAT) and/or
gw/reg_info = $(DIR_DATA)/reginfo$(DAT).

DIR_DATA is the instance-specific data directory
/usr/sap/<SID>/<INSTANCE>/data

$(DAT) is the file extension (.DAT for Windows, blank for Unix).

The file secinfo(.dat) should contain the following line:

# start of external programs disabled

This deactivates the starting of external programs.

The file reginfo(.dat) should contain the following lines:

# list of java server
TP=* HOST=local
TP=* HOST=<host name>
...
TP=* HOST=<host name>

In this case, each Java node should be written in the file.
If the computer has several network cards, this can be
added as a list. The list can be compiled with computer names, IP addresses or IP ranges (subnets).

TP=* HOST=<adr1>,<adr2>,...,<adrn>

As a result, only RFC server programs that run on AS Java computers can register.

You can manage the gateway with the program gwmon.
In particular, changes to the files can be dynamically loaded subsequently
(see Note 64016) without having to restart the gateway.


In addition, see Overview Note 1305851 that
describes all known problems relating to security settings.
Ссылки