SAP Sybase ESP Vulnerabilities (Jun 27, 2014)

XML-RPC is a remote procedure call (RPC) protocol that works by sending an HTTP request to a server implementing the protocol. The client is typically software that wants to call a single method of a remote system. Multiple input parameters can be passed to the remote method, and one return value is returned. Parameter types can be nested into maps and lists, so larger structures can be transported.

SAP Sybase Event Stream Processor (ESP) is a real-time data analysis solution. Traditional data analysis involves running queries against static data in a database. Sybase ESP, on the other hand, tries to run continuous queries against a continuous stream. XML-RPC is used in ESP applications to modify elements.

Several vulnerabilities exist in SAP Sybase ESP. The vulnerabilities are due to insufficient boundary checks when processing XML-RPC requests. A remote attacker could exploit these vulnerabilities by sending a crafted XML-RPC request to the vulnerable ESP server. Successful exploitation could result in arbitrary code execution or a denial of service condition.

The following CVEs are related to this issue: CVE-2014-3457 and CVE-2014-3458.
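The sketch below is an example added here, not SonicWall's signature logic and not SAP code. It shows the kind of boundary check whose absence the advisory describes: it walks an XML-RPC `methodCall`, including nested maps (`struct`) and lists (`array`), and reports any field that is longer or nested deeper than a limit. The limits `MAX_LEN` and `MAX_DEPTH` and the method and member names in the sample request are assumptions, since the advisory gives no field names or sizes.

```python
import xml.etree.ElementTree as ET

MAX_LEN = 256    # assumed per-field bound; the advisory gives no sizes
MAX_DEPTH = 8    # assumed nesting limit

# Constructed sample request; method and member names are illustrative.
BENIGN = (b'<?xml version="1.0"?><methodCall>'
          b'<methodName>example.update</methodName><params><param><value><struct>'
          b'<member><name>kind</name><value><string>stream</string></value></member>'
          b'<member><name>ids</name><value><array><data>'
          b'<value><int>1</int></value><value>two</value>'
          b'</data></array></value></member>'
          b'</struct></value></param></params></methodCall>')
OVERSIZED = BENIGN.replace(b"stream", b"A" * 5000)

def walk(value, path, depth, findings):
    """Visit one <value> element and record every bound violation under it."""
    if depth > MAX_DEPTH:
        findings.append((path, "nesting too deep"))
        return
    child = value[0] if len(value) else value  # bare <value>text</value> is a string
    if child.tag == "struct":
        for member in child.findall("member"):
            name = member.findtext("name", default="")
            if len(name) > MAX_LEN:
                findings.append((path, f"member name length {len(name)}"))
            inner = member.find("value")
            if inner is not None:
                walk(inner, f"{path}.{name[:32]}", depth + 1, findings)
    elif child.tag == "array":
        for i, inner in enumerate(child.findall("data/value")):
            walk(inner, f"{path}[{i}]", depth + 1, findings)
    elif len(child.text or "") > MAX_LEN:  # string, base64, int, ...
        findings.append((path, f"{child.tag} length {len(child.text)}"))

def check_request(body):
    """Return (path, reason) findings for one XML-RPC methodCall body."""
    if b"<!DOCTYPE" in body:  # refuse DTDs before parsing untrusted XML
        return [("", "DOCTYPE not allowed")]
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return [("", f"malformed XML: {exc}")]
    if root.tag != "methodCall":
        return [("", "not a methodCall")]
    findings = []
    for i, value in enumerate(root.findall("params/param/value")):
        walk(value, f"param[{i}]", 1, findings)
    return findings
```

An empty list from `check_request` means every field was within the assumed limits; each finding names the path of the offending parameter so it can be logged or the request rejected before it reaches the application.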

Dell SonicWALL has released IPS signatures to detect and block specific exploitation attempts targeting these vulnerabilities. The signatures are listed below:

  • 3924 Sybase ESP esp_parse ConnectionType Remote Code Execution
  • 4092 Sybase ESP esp_parse Connection Remote Code Execution