SECurity Message Service: Security Vulnerability - "SAS for Windows" Buffer Overflow Leads to Code Execution
Poster: SySAdmin
Posted on February 27, 2014 at 8:35:01 AM
SECurity Message Service: Security Vulnerability - "SAS for Windows" Buffer Overflow Leads to Code Execution
VIENNA, February 27, 2014 /PRNewswire/ --
"SAS for Windows" is part of a software for statistical analysis, data-mining and
business intelligence. The software was shipped by the manufacturer SAS Institute Inc.
containing a critical vulnerability [1]. The vulnerabilities were discovered in a routine
security crash test by experts of the SEC Consult Vulnerability Lab (
http://www.sec-consult.com).
The vulnerability enables state-sponsored or criminal hackers to create a malicious
SAS-file, which gives an attacker full control over the attacked computer if the file gets
processed with "SAS for Windows". An attacker can send phishing mails containing such a
manipulated SAS-file to subsequently attack the internal corporate network via a
compromised client computer.
The experts of the SEC Consult Vulnerability Lab were able to successfully exploit the
vulnerability during a crash test, bypass current mitigation techniques on a standard
Windows 7 installation (including firewall and anti-virus software) and control the
attacked computer remotely over the Internet.
SEC Consult experts recommend immediately installing the update, released by the
vendor to counter these vulnerabilities [2]. SEC Consult advises that customers of SAS
products should demand from the vendor exhaustive security tests by (European) security
experts before the implementation of the respective software product.
[1] https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm
[2]
SAS 9.4 TS 1M0 - http://ftp.sas.com/techsup/download/hotfix/HF2/L08.html#L08004
SAS 9.3 TS 1M2 - http://ftp.sas.com/techsup/download/hotfix/HF2/I22.html#I22069
SAS 9.2 TS 2M3 - http://ftp.sas.com/techsup/download/hotfix/HF2/B25.html#B25260
For further information please contact:
Johannes Greil, MSc
Head of SEC Consult Vulnerability Lab
Tel.: +43-1-890-30-43-0
mailto: research@sec-consult.com
SEC Consult Unternehmensberatung GmbH
VIENNA, February 27, 2014 /PRNewswire/ --
"SAS for Windows" is part of a software for statistical analysis, data-mining and
business intelligence. The software was shipped by the manufacturer SAS Institute Inc.
containing a critical vulnerability [1]. The vulnerabilities were discovered in a routine
security crash test by experts of the SEC Consult Vulnerability Lab (
http://www.sec-consult.com).
The vulnerability enables state-sponsored or criminal hackers to create a malicious
SAS-file, which gives an attacker full control over the attacked computer if the file gets
processed with "SAS for Windows". An attacker can send phishing mails containing such a
manipulated SAS-file to subsequently attack the internal corporate network via a
compromised client computer.
The experts of the SEC Consult Vulnerability Lab were able to successfully exploit the
vulnerability during a crash test, bypass current mitigation techniques on a standard
Windows 7 installation (including firewall and anti-virus software) and control the
attacked computer remotely over the Internet.
SEC Consult experts recommend immediately installing the update, released by the
vendor to counter these vulnerabilities [2]. SEC Consult advises that customers of SAS
products should demand from the vendor exhaustive security tests by (European) security
experts before the implementation of the respective software product.
[1] https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm
[2]
SAS 9.4 TS 1M0 - http://ftp.sas.com/techsup/download/hotfix/HF2/L08.html#L08004
SAS 9.3 TS 1M2 - http://ftp.sas.com/techsup/download/hotfix/HF2/I22.html#I22069
SAS 9.2 TS 2M3 - http://ftp.sas.com/techsup/download/hotfix/HF2/B25.html#B25260
For further information please contact:
Johannes Greil, MSc
Head of SEC Consult Vulnerability Lab
Tel.: +43-1-890-30-43-0
mailto: research@sec-consult.com
SEC Consult Unternehmensberatung GmbH