CVE-2002-1576

2004-04-15T04:00:00
ID CVE-2002-1576
Type cve
Reporter cve@mitre.org
Modified 2017-07-11T01:29:00

Description

lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program.