CYBSEC Release: SAP Security - Paper & Tool release

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: CYBSEC Release: SAP Security - Paper & Tool release
From: Mariano Nuñez Di Croce <mnunez@xxxxxxxxxx>
Date: Wed, 04 Apr 2007 10:03:44 -0300
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Sender: Mariano Nuez Di Croce <mnunez@xxxxxxxxxx>
User-agent: Icedove 1.5.0.10 (X11/20070307)

I am proud to announce the release of a White-paper and an open-source tool, 
both addressing security of SAP R/3 systems.
The paper describes vulnerabilities discovered in the SAP RFC interface 
implementation and library, as well as some attacks that can be performed over
SAP systems.
The tool, sapyto (v0.93), is the first public framework for carrying out 
Penetration Tests over SAP R/3 deployments. It is shipped with many plugins
to test for vulnerabilities discovered in our research and also launch 
different types of attacks.

You can find these resources at the following links:

        . Paper: 
http://www.cybsec.com/upload/CYBSEC-Whitepaper-Exploiting_SAP_Internals.pdf
        . sapyto: http://www.cybsec.com/vuln/tools/sapyto.tgz


Don't hesitate to send me any comments/suggestions!

Best Regards,

-- 
-----------------------------------------
Mariano Nuñez Di Croce

CYBSEC S.A. Security Systems
Email: mnunez@xxxxxxxxxx
Tel/Fax: (54-11) 4371-4444
Web: http://www.cybsec.com
PGP: http://www.cybsec.com/pgp/mnunez.txt
-----------------------------------------

Prev by Date: rPSA-2007-0064-1 ImageMagick
Next by Date: [ MDKSA-2007:074 ] - Updated qt3 packages to address utf8 decoder bug
Previous by thread: rPSA-2007-0064-1 ImageMagick
Next by thread: [ MDKSA-2007:074 ] - Updated qt3 packages to address utf8 decoder bug
Index(es):
- Date
- Thread