CVE-2003-1033

The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:sap_db:7.3.00:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_db:7.4:*:*:*:*:*:*:*

Information

Published : 2004-04-14 21:00

Updated : 2017-07-10 18:29


NVD link : CVE-2003-1033

Mitre link : CVE-2003-1033


JSON object : View

Advertisement

dedicated server usa

Products Affected

sap

  • sap_db