The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-04-15
Updated
2017-07-11
lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-04-15
Updated
2017-07-11
2 vulnerabilities found