Privilege Escalation in SAP DB Development Tools by SAP
CVE-2003-1033

Currently unrated

Key Information:

Vendor: SAP
Status: SAP Db
Vendor: CVE Published:; 15 April 2004

What is CVE-2003-1033?

The SAP DB Development Tools (versions 7.x) include instdbmsrv and instlserver programs that improperly trust the user-defined INSTROOT environment variable. This can be exploited by local users to gain unauthorized root privileges through a manipulated INSTROOT pointing to a malicious dbmsrv or lserver executable. Such vulnerabilities pose significant risks to the integrity and security of the systems utilizing these tools.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/11842

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/7407

vdb-entryx_refsource_BID

http://listserv.sap.com/pipermail/sapdb.sources/2003-Apri...

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Apr 15, 2004
Vulnerability Reserved
Mar 15, 2004