(The following pre-advisory is also available in PDF format for download at:
Pre-Advisory Name: SAP Internet Graphics Service (IGS) Remote Arbitrary File Removal
Vulnerability Class: Path Traversal
Release Date: 12/05/2006
=====================* SAP IGS 6.40 Patchlevel <= 16
* SAP IGS 7.00 Patchlevel <= 6
==================* AIX 64 bits
* HP-UX on IA64 64bit
* HP-UX on PA-RISC 64bit
* Linux on IA32 32bit
* Linux on IA64 64bit
* Linux on Power 64bit
* Linux on x86_64 64bit
* Linux on zSeries 64bit
* OS/400 V5R2M0
* Solaris on SPARC 64bit
* TRU64 64bit
* Windows Server on IA32 32bit
* Windows Server on IA64 64bit
* Windows Server on x64 64bit
Local / Remote: Remote
Author: Mariano Nu=F1ez Di Croce
=============* Confirmed, update released.
Reference to Vulnerability Disclosure Policy:
================="The IGS provides a server architecture where data from an SAP System or other sources can be used to generate graphical or non-graphical output."
It is important to note that IGS is installed and activated by default with the Web Application Server (versions >= 6.30)
=========================A specially crafted HTTP request can remove any file located in SAP IGS file-system.
=================Technical details will be released three months after publication of this pre-advisory. This was agreed upon with SAP to allow their customers to
upgrade affected software prior to technical knowledge been publicly available.
======Under UNIX systems, successful exploitation of this vulnerability may allow an attacker to remotely remove files existing on the SAP IGS file-system.
These files must have write permission for SAP System Administrator account (