Details of VAR-E-200803-0463

ID

VAR-E-200803-0463

CVE

cve_id:

CVE-2008-0306

Trust: 0.3

sources: BID: 28185

TITLE

SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation Vulnerability

Trust: 0.3

sources: BID: 28185

DESCRIPTION

SAP MaxDB is prone to a local privilege-escalation vulnerability.
Exploiting this issue allows local attackers to execute arbitrary code with superuser privileges. This will lead to the complete compromise of an affected computer.
This issue affects MaxDB 7.6.0.37 on both Linux and Solaris platforms. Other UNIX variants are most likely affected. Microsoft Windows versions are not vulnerable to this issue.

Trust: 0.3

sources: BID: 28185

AFFECTED PRODUCTS

vendor:

sap

model:

maxdb

scope:

version:

7.6.0.37

Trust: 0.3

sources: BID: 28185

EXPLOIT

An attacker can exploit this issue by gaining local interactive access to the affected computer.

Trust: 0.3

sources: BID: 28185

PRICE

Free

Trust: 0.3

sources: BID: 28185

TYPE

Design Error

Trust: 0.3

sources: BID: 28185

CREDITS

Joshua J. Drake of VeriSign iDefense Labs is credited with discovering this issue.

Trust: 0.3

sources: BID: 28185

EXTERNAL IDS

db:	NVD	id:	CVE-2008-0306	Trust: 0.3
db:	BID	id:	28185	Trust: 0.3

sources: BID: 28185

REFERENCES

url:

https://www.sdn.sap.com/irj/sdn/maxdb

Trust: 0.3

sources: BID: 28185

SOURCES

db:

BID

id:

28185

LAST UPDATE DATE

2022-07-27T10:01:58.335000+00:00

SOURCES UPDATE DATE

db:

BID

id:

28185

date:

2008-03-12T18:01:00

SOURCES RELEASE DATE

db:

BID

id:

28185

date:

2008-03-10T00:00:00