Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3758
HistoryAug 03, 2008 - 12:00 a.m.

SAP MaxDB dbmsrv 进程PATH环境变量本地权限提升漏洞

2008-08-0300:00:00
Root
www.seebug.org
17

0.0004 Low

EPSS

Percentile

5.7%

JSON

BUGTRAQ ID: 30474
CVE(CAN) ID: CVE-2008-1810

MaxDB是SAP应用中广泛使用的数据库管理系统。

当本地用户运行dbmcli程序时,MaxDB会代表用户执行dbmsrv进程。该进程负责执行用户命令,以sdba组的sdb用户权限运行。由于没有正确地过滤PATH环境变量,如果在变量前添加了攻击者所控制的路径的话,就可能导致以sdb:sdba权限执行任意指令。

SAP MaxDB 7.6.03.15
SAP

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://www.sap.com/” target=“_blank”>http://www.sap.com/</a>

Related

securityvulns 1
prion 1
cve 1
securityvulns
securityvulns
iDefense Security Advisory 07.30.08: SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability
2008-08-01 00:00:00
prion
prion
Design/Logic Flaw
2008-08-01 14:41:00
cve
cve
CVE-2008-1810
2008-08-01 14:41:00

0.0004 Low

EPSS

Percentile

5.7%

JSON
Related for SSV:3758
securityvulns1prion1cve1