← back
CVE-2003-1033

CVE-2003-1033

EPSS 0.3%
The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://listserv.sap.com/pipermail/sapdb.sources/2003-April/000143.htmlhttp://marc.info/?l=bugtraq&m=105103613727471&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/11842http://www.securityfocus.com/bid/7407http://www.securityfocus.com/bid/7408