Untrusted Search Path Vulnerability in SAP MaxDB by SAP
CVE-2008-1810

Currently unrated

Key Information:

Vendor: SAP
Status: Maxdb
Vendor: CVE Published:; 1 August 2008

What is CVE-2008-1810?

A vulnerability in the dbmsrv component of SAP MaxDB version 7.6.03.15 on Linux permits local users to escalate their privileges by exploiting a modified PATH environment variable. This flaw allows unauthorized local access to execute arbitrary code, creating potential security risks.

References

http://www.vupen.com/english/advisories/2008/2267/references

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/31318

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/30474

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2008
Vulnerability Reserved
Apr 15, 2008