|
|
| |
| SAP's MaxDB is "a database software product. MaxDB was released as open source from version 7.5 up to version 7.6.00. Later versions are no longer open source but are available for download from the SAP SDN website (sdn.sap.com) as a community edition with free community support for public use beyond the scope of SAP applications. The "sdbstarter" program is set-uid root and installed by default". Local exploitation of a design error in the "sdbstarter" program, as distributed with SAP AG's MaxDB, could allow attackers to elevate privileges to root. |
| |
Credit:
The information has been provided by iDefense Labs.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670
|
| |
Vulnerable Systems:
* SAP AG's MaxDB version 7.6.0.37
This vulnerability exists due to a design error in the handling of certain environment variables. These variables are used to specify the configuration settings to be used by various MaxDB components. Since the "sdbstarter" program honors these settings, an attacker can execute arbitrary code with root privileges.
Analysis:
Exploitation allows an attacker to execute arbitrary code with root privileges. To exploit this vulnerability, an attacker must be able to execute the "sdbstarter" program. In a default installation, this requires that the attacker be a member of the "sdba" group.
It is important to note that this vulnerability is not architecture dependent. This vulnerability is trivially exploitable on any
Unix-based SAP MaxDB installation.
Vendor response:
SAP AG has addressed this vulnerability by releasing a new version of MaxDB. For more information, consult SAP note 1140135.
CVE Information:
CVE-2008-0306
Disclosure timeline:
12/05/2007 - Initial vendor notification
12/06/2007 - Initial vendor response
03/10/2008 - Coordinated public disclosure
|
|
|
|
|
|
|
|
