Lucene search

[email protected]CVE-2003-0265

HistoryMay 27, 2003 - 4:00 a.m.

CVE-2003-0265

2003-05-2704:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sap

database security

cve-2003-0265

sdbinst

world-writable permissions

race condition

local attackers

root privileges

7.5 High

AI Score

Confidence

Low

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed.

CPENameOperatorVersion
sap:sap_dbsap sap dbeq7.4.3.7_beta
sap:sap_dbsap sap dbeq7.3.29

CPE	Name	Operator	Version
sap:sap_db	sap sap db	eq	7.4.3.7_beta
sap:sap_db	sap sap db	eq	7.3.29

References

marc.info/?l=bugtraq&m=105232424810097&w=2

www.securityfocus.com/bid/7421

7.5 High

AI Score

Confidence

Low

6.2 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON