Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.2
CVE Id CVE-2003-1033
Last Modified 05 Sep 2008 04:35:51
Published 15 Apr 2004 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2003-1033

Summary

The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program.

Vulnerable Systems

Application

  • SAP DB 7.3.00

  • SAP DB 7.4


References

BID - 7407

XF - sap-db-gain-privileges(11842)

BID - 7408

MLIST - [SAP DB Dev] 20030422 Security Alert: Development Tools

BUGTRAQ - 20030422 SRT2003-04-22-1336 - SAP DB Development Tools install flaw


Last Updated: 27 May 2016 10:38:09