Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1576

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2002-1576
Last Modified 05 Sep 2008 04:30:58
Published 15 Apr 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-1576

Summary

lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program.

Vulnerable Systems

Application

  • Sap Db 7.3.00


References

XF - sap-db-lserversrv-symlink(10762)

BID - 6316

CONFIRM - http://www.sapdb.org/sap_db_alert.htm

BUGTRAQ - 20021204 SAP database local root via symlink


Last Updated: 27 May 2016 10:37:24