CVE-2003-1033

Currently unrated

Key Information:

Vendor: SAP
Status: SAP Db
Vendor: CVE Published:; 15 April 2004

Summary

The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/11842

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/7407

vdb-entryx_refsource_BID

http://listserv.sap.com/pipermail/sapdb.sources/2003-Apri...

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Apr 15, 2004
Vulnerability Reserved
Mar 15, 2004