CVE-2001-0366

Currently unrated

Key Information:

Vendor: SAP
Status: SAPoscol; SAP R 3 Web Application Server Demo
Vendor: CVE Published:; 27 June 2001

Summary

saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program.

References

http://www.securityfocus.com/bid/2662

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/6487

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/180498

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Jun 27, 2001
Vulnerability Reserved
May 24, 2001