Race Condition in SAP Database 7.3.0.29 Allows Privilege Escalation
CVE-2003-0265

Currently unrated

Key Information:

Vendor: SAP
Status: SAP Db
Vendor: CVE Published:; 27 May 2003

What is CVE-2003-0265?

A race condition vulnerability exists in the SDBINST component of SAP Database version 7.3.0.29. This flaw allows the creation of critical files with permissions that are set to world-writable before the proper setuid bits are initialized. Attackers with local access can exploit this vulnerability by making modifications to these files before the permissions are corrected, potentially gaining root access to the system.

References

http://www.securityfocus.com/bid/7421

vdb-entryx_refsource_BID

http://marc.info/?l=bugtraq&m=105232424810097&w=2

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
May 27, 2003
Vulnerability Reserved
May 7, 2003