Lucene search
K

3 matches found

seebug.org
seebug.org
added 2008/08/03 12:0 a.m.40 views

SAP MaxDB dbmsrv 进程PATH环境变量本地权限提升漏洞

BUGTRAQ ID: 30474 CVECAN ID: CVE-2008-1810 MaxDB是SAP应用中广泛使用的数据库管理系统。 当本地用户运行dbmcli程序时,MaxDB会代表用户执行dbmsrv进程。该进程负责执行用户命令,以sdba组的sdb用户权限运行。由于没有正确地过滤PATH环境变量,如果在变量前添加了攻击者所控制的路径的话,就可能导致以sdb:sdba权限执行任意指令。 SAP MaxDB 7.6.03.15 SAP --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.sap.com/...

4.4CVSS6.5AI score0.00337EPSS
Exploits1
CVE
CVE
added 2008/08/01 2:0 p.m.54 views

CVE-2008-1810

The CVE-2008-1810 issue affects SAP MaxDB 7.6.03.15 on Linux, where the dbmsrv process runs with sdb:sdba privileges and is vulnerable to privilege escalation via a manipulated PATH variable. Local users can exploit an untrusted search path by prefixing PATH with attacker-controlled directories w...

4.4CVSS6.5AI score0.00337EPSS
Exploits1References6Affected Software1
securityvulns
securityvulns
added 2008/08/01 12:0 a.m.55 views

iDefense Security Advisory 07.30.08: SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability

iDefense Security Advisory 07.30.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 30, 2008 I. BACKGROUND SAP's MaxDB is a database software product. MaxDB was released as open source from version 7.5 up to version 7.6.00. Later versions are no longer open source but are available for...

4.4CVSS0.8AI score0.00337EPSS
Exploits1
Rows per page
Query Builder