关键信息 Advisory Information - Title: SAP CAR Multiple Vulnerabilities - Advisory ID: CORE-2016-0006 - Advisory URL: http://www.coresecurity.com/advisories/sap-car-multiple-vulnerabilities - Date published: 2016-08-09 - Vendors contacted: SAP - Release mode: Coordinated release Vulnerability Information - Class: Unchecked Return Value [CWE-252], TOCTOU Race Condition [CWE-367] - Impact: Denial of service, Security bypass - Remotely Exploitable: No - Locally Exploitable: Yes - CVE Name: CVE-2016-5845, CVE-2016-5847 Vulnerable Packages - SAPCAR archive tool Vulnerability Description - SAPCAR is an archive program used by SAP. Vulnerabilities were found during the extraction of specially crafted archive files, leading to local denial of service or privilege escalation. PoC Code - Included for both Denial of service via invalid file names and Race condition on permission change.