Credit:
The information has been provided by iDefense Labs.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=729
Vulnerable Systems:
* SAP MaxDB version 7.6.03.15 on Linux
When a local user runs the "dbmcli" program, MaxDB executes a "dbmsrv" process on the user's behalf. The "dbmsrv" process, which is responsible for executing user commands, runs as the user "sdb" with group "sdba".
This vulnerability exists due to improper sanitization of the "PATH" environment variable. By prefixing the "PATH" environment variable with a path under the attacker's control, an attacker is able to execute arbitrary code with "sdb:sdba" privileges.
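The general hardening for this class of flaw, shown as an added example that is not code from iDefense or SAP: a helper that runs with more privilege than its caller audits the inherited "PATH" and then replaces it with a fixed value before launching anything. The names audit_path, reset_path and SAFE_PATH, and the value of SAFE_PATH, are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
/* Assumed fixed search path for the privileged helper (not from the advisory). */
#define SAFE_PATH "/usr/bin:/bin"
enum path_verdict { PATH_OK, PATH_BAD_COMPONENT, PATH_MISSING, PATH_WRITABLE };

/* Audit a PATH-style string, stopping at the first unsafe component. */
enum path_verdict audit_path(const char *path)
{
    if (path == NULL)
        return PATH_BAD_COMPONENT;
    for (const char *p = path;;) {
        const char *end = strchr(p, ':');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        char dir[4096];
        struct stat st;
        /* Empty or relative entries resolve against the caller's cwd. */
        if (len == 0 || p[0] != '/' || len >= sizeof dir)
            return PATH_BAD_COMPONENT;
        memcpy(dir, p, len);
        dir[len] = '\0';
        if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
            return PATH_MISSING;
        /* A non-root owner, group or others can plant a same-named executable. */
        if (st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH)))
            return PATH_WRITABLE;
        if (end == NULL)
            return PATH_OK;
        p = end + 1;
    }
}

/* Before a privileged launcher execs anything: discard the caller's PATH. */
int reset_path(void)
{
    return setenv("PATH", SAFE_PATH, 1);
}

int main(void)
{
    printf("inherited PATH verdict: %d\n", audit_path(getenv("PATH")));
    if (reset_path() != 0)
        return 1;
    printf("PATH after reset: %s\n", getenv("PATH"));
    return 0;
}
```

Resetting "PATH" is the control; the audit is useful for logging that a caller supplied an unsafe value. Launching child programs by absolute path removes the dependency on "PATH" altogether.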
Analysis:
Exploitation allows an attacker to execute arbitrary code with privileges of the database owner, usually "sdb". To exploit this vulnerability, an attacker must have the ability to create executables on the system.
Vendor response:
SAP AG has addressed this vulnerability by releasing a new version of MaxDB. For more information, consult SAP note 1178438.
CVE Information:
CVE-2008-1810
Disclosure timeline:
03/27/2008 - Initial vendor notification
04/01/2008 - Initial vendor response
07/30/2008 - Coordinated public disclosure