Local Privilege Escalation in SAP DB by Using Symlink
CVE-2002-1576

Currently unrated

Key Information:

Vendor: SAP
Status: SAP Db
Vendor: CVE Published:; 15 April 2004

What is CVE-2002-1576?

The lserver in SAP DB 7.3 and earlier is vulnerable due to its reliance on the current working directory to find and execute the lserversrv program. This flaw allows local users to gain elevated privileges by exploiting a malicious lserversrv located in a directory that utilizes a symlink pointing to the lserver program. This vulnerability not only compromises the integrity of system access but also poses significant risks to the overall security of environments using affected versions of SAP DB.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/10762

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/6316

vdb-entryx_refsource_BID

http://www.sapdb.org/sap_db_alert.htm

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 15, 2004
Vulnerability Reserved
Mar 15, 2004