CVE-2002-1576

Currently unrated

Key Information:

Vendor: SAP
Status: SAP Db
Vendor: CVE Published:; 15 April 2004

Summary

lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/10762

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/6316

vdb-entryx_refsource_BID

http://www.sapdb.org/sap_db_alert.htm

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 15, 2004
Vulnerability Reserved
Mar 15, 2004