ID

VAR-199903-0046


CVE

CVE-1999-0440


TITLE

SAP database development tool INSTLSERVER INSTROOT environment variable vulnerability

Trust: 0.6

sources: CNVD: CNVD-2003-1115

DESCRIPTION

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. SAP is an integrated enterprise resource planning system based on client/server architecture and open systems, including database open tools when installed. The SAP database program instlserver has problems handling environment variables. Local attackers can exploit this vulnerability for privilege escalation attacks and gain root user privileges. The instlserver program uses the user-supplied data and still runs with ROOT privileges when chmod and chown some files. When running the 'DevTool/bin/instlserver' program, according to the environment variable 'INSTROOT', the specified file will be chowned and chmoded. The attacker builds a malicious file and stores it in the location specified by the environment variable, and gets a suid root. Properties of the program, thereby increasing permissions. Several vendors have released versions of the Java Virtual Machine including Sun Microsystems and Netscape. A serious vulnerability exists in certain current versions of the JVM. It is exploited by an attacker who creates an applet which references an object using two pointers of incompatible type. This circumvents Java's typing rules, and can permit a malicious applet to undermine the normal java security measures on the victim's system. If the victim can be led to visit the attacker's website, the applet can be used by the attacker to assume control of the remote system, making it possible to read or overwrite data, and to run arbitrary code on the host machine

Trust: 1.98

sources: NVD: CVE-1999-0440 // CNVD: CNVD-2003-1115 // BID: 1939 // BID: 7408

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2003-1115

AFFECTED PRODUCTS

vendor:netscapemodel:navigatorscope:eqversion:4.06

Trust: 1.6

vendor:netscapemodel:navigatorscope:eqversion:4.08

Trust: 1.6

vendor:netscapemodel:navigatorscope:eqversion:4.07

Trust: 1.6

vendor:netscapemodel:navigatorscope:eqversion:4.02

Trust: 1.6

vendor:netscapemodel:navigatorscope:eqversion:4.03

Trust: 1.6

vendor:netscapemodel:navigatorscope:eqversion:4.05

Trust: 1.6

vendor:netscapemodel:navigatorscope:eqversion:4.04

Trust: 1.6

vendor:netscapemodel:navigatorscope:eqversion:4.0

Trust: 1.6

vendor:netscapemodel:communicatorscope:eqversion:4.5

Trust: 1.6

vendor:netscapemodel:navigatorscope:eqversion:4.01

Trust: 1.6

vendor:netscapemodel:navigatorscope:eqversion:4.5

Trust: 1.0

vendor:netscapemodel:navigatorscope:eqversion:4.61

Trust: 1.0

vendor:sunmodel:javascope:eqversion:*

Trust: 1.0

vendor:sapmodel:dbscope:eqversion:7.4.03.27

Trust: 0.6

vendor:sunmodel:jdkscope:eqversion:1.2

Trust: 0.3

vendor:sunmodel:jdkscope:eqversion:1.1

Trust: 0.3

vendor:netscapemodel:navigatorscope:eqversion:4.0x

Trust: 0.3

vendor:microsoftmodel:jvmscope:neversion:1.1

Trust: 0.3

vendor:sapmodel:dbscope:eqversion:7.4

Trust: 0.3

vendor:sapmodel:dbscope:eqversion:7.3.00

Trust: 0.3

sources: CNVD: CNVD-2003-1115 // BID: 1939 // BID: 7408 // CNNVD: CNNVD-199903-003 // NVD: CVE-1999-0440

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-0440
value: HIGH

Trust: 1.0

CNVD: CNVD-2003-1115
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-199903-003
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-1999-0440
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2003-1115
severity: MEDIUM
baseScore: 4.3
vectorString: AV:L/AC:L/AU:S/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2003-1115 // CNNVD: CNNVD-199903-003 // NVD: CVE-1999-0440

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-0440

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199903-003

TYPE

Design Error

Trust: 0.9

sources: BID: 1939 // CNNVD: CNNVD-199903-003

EXTERNAL IDS

db:BIDid:1939

Trust: 1.9

db:NVDid:CVE-1999-0440

Trust: 1.9

db:BIDid:7408

Trust: 0.9

db:CNVDid:CNVD-2003-1115

Trust: 0.6

db:BUGTRAQid:19990405 SECURITY HOLE IN JAVA 2 (AND JDK 1.1.X)

Trust: 0.6

db:CNNVDid:CNNVD-199903-003

Trust: 0.6

sources: CNVD: CNVD-2003-1115 // BID: 1939 // BID: 7408 // CNNVD: CNNVD-199903-003 // NVD: CVE-1999-0440

REFERENCES

url:http://java.sun.com/pr/1999/03/pr990329-01.html

Trust: 2.6

url:http://www.securityfocus.com/bid/1939

Trust: 2.6

url:http://marc.info/?l=bugtraq&m=92333596624452&w=2

Trust: 2.0

url:http://marc.theaimsgroup.com/?l=bugtraq&m=105103613727471&w=2

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=92333596624452&w=2

Trust: 0.6

url:http://listserv.sap.com/pipermail/sapdb.sources/2003-april/000142.html

Trust: 0.3

url:/archive/1/319409

Trust: 0.3

sources: CNVD: CNVD-2003-1115 // BID: 7408 // CNNVD: CNNVD-199903-003 // NVD: CVE-1999-0440

CREDITS

Reported to bugtraq by Gary McGraw <gem@rstcorp.com> on Mon Apr 05 1999. Credit given to Karsten Sohr at the University of Marburg <sohr@mathematik.uni-marburg.de>

Trust: 0.9

sources: BID: 1939 // CNNVD: CNNVD-199903-003

SOURCES

db:CNVDid:CNVD-2003-1115
db:BIDid:1939
db:BIDid:7408
db:CNNVDid:CNNVD-199903-003
db:NVDid:CVE-1999-0440

LAST UPDATE DATE

2024-11-22T23:05:59.298000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2003-1115date:2003-04-22T00:00:00
db:BIDid:1939date:1999-04-05T00:00:00
db:BIDid:7408date:2009-07-11T21:07:00
db:CNNVDid:CNNVD-199903-003date:2005-05-02T00:00:00
db:NVDid:CVE-1999-0440date:2024-11-20T23:28:44.600

SOURCES RELEASE DATE

db:CNVDid:CNVD-2003-1115date:2003-04-22T00:00:00
db:BIDid:1939date:1999-04-05T00:00:00
db:BIDid:7408date:2003-04-22T00:00:00
db:CNNVDid:CNNVD-199903-003date:1999-03-01T00:00:00
db:NVDid:CVE-1999-0440date:1999-03-01T05:00:00