SAP Database 7.3/7.4 SDBINST Race Condition Vulnerability

ID SSV:76330
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


SAP Database SDBINST has been reported prone to a race condition vulnerability.

It has been reported that the SAP Database install tool SDBINST may perform operations non-atomically when installing the SAP database. This condition may open a window of opportunity for a malicious user to replace one of two SAP Database files with a malicious file, before SBDINST sets the setuid bit on the files.

An attacker may exploit this vulnerability to gain root privileges. 


while (1) {

$test =`grep -sh PRECOM.ins

if ( $test =~ /PRECOM/ ) {
system("cp /home/lwc/run /usr/sapdb/depend/pgm/lserver");