Details of VAR-199903-0046

ID

VAR-199903-0046

CVE

CVE-1999-0440

TITLE

SAP database development tool INSTLSERVER INSTROOT environment variable vulnerability

Trust: 0.6

sources: CNVD: CNVD-2003-1115

DESCRIPTION

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. SAP is an integrated enterprise resource planning system based on client/server architecture and open systems, including database open tools when installed. The SAP database program instlserver has problems handling environment variables. Local attackers can exploit this vulnerability for privilege escalation attacks and gain root user privileges. The instlserver program uses the user-supplied data and still runs with ROOT privileges when chmod and chown some files. When running the 'DevTool/bin/instlserver' program, according to the environment variable 'INSTROOT', the specified file will be chowned and chmoded. The attacker builds a malicious file and stores it in the location specified by the environment variable, and gets a suid root. Properties of the program, thereby increasing permissions. Several vendors have released versions of the Java Virtual Machine including Sun Microsystems and Netscape. A serious vulnerability exists in certain current versions of the JVM. It is exploited by an attacker who creates an applet which references an object using two pointers of incompatible type. This circumvents Java's typing rules, and can permit a malicious applet to undermine the normal java security measures on the victim's system. If the victim can be led to visit the attacker's website, the applet can be used by the attacker to assume control of the remote system, making it possible to read or overwrite data, and to run arbitrary code on the host machine

Trust: 1.98

sources: NVD: CVE-1999-0440 // CNVD: CNVD-2003-1115 // BID: 1939 // BID: 7408

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2003-1115

AFFECTED PRODUCTS

vendor:	netscape	model:	navigator	scope:	eq	version:	4.06	Trust: 1.6
vendor:	netscape	model:	navigator	scope:	eq	version:	4.08	Trust: 1.6
vendor:	netscape	model:	navigator	scope:	eq	version:	4.07	Trust: 1.6
vendor:	netscape	model:	navigator	scope:	eq	version:	4.02	Trust: 1.6
vendor:	netscape	model:	navigator	scope:	eq	version:	4.03	Trust: 1.6
vendor:	netscape	model:	navigator	scope:	eq	version:	4.05	Trust: 1.6
vendor:	netscape	model:	navigator	scope:	eq	version:	4.04	Trust: 1.6
vendor:	netscape	model:	navigator	scope:	eq	version:	4.0	Trust: 1.6
vendor:	netscape	model:	communicator	scope:	eq	version:	4.5	Trust: 1.6
vendor:	netscape	model:	navigator	scope:	eq	version:	4.01	Trust: 1.6
vendor:	sun	model:	java	scope:	eq	version:	*	Trust: 1.0
vendor:	netscape	model:	navigator	scope:	eq	version:	4.5	Trust: 1.0
vendor:	netscape	model:	navigator	scope:	eq	version:	4.61	Trust: 1.0
vendor:	sap	model:	db	scope:	eq	version:	7.4.03.27	Trust: 0.6
vendor:	sun	model:	jdk	scope:	eq	version:	1.2	Trust: 0.3
vendor:	sun	model:	jdk	scope:	eq	version:	1.1	Trust: 0.3
vendor:	netscape	model:	navigator	scope:	eq	version:	4.0x	Trust: 0.3
vendor:	microsoft	model:	jvm	scope:	ne	version:	1.1	Trust: 0.3
vendor:	sap	model:	db	scope:	eq	version:	7.4	Trust: 0.3
vendor:	sap	model:	db	scope:	eq	version:	7.3.00	Trust: 0.3

sources: CNVD: CNVD-2003-1115 // BID: 1939 // BID: 7408 // CNNVD: CNNVD-199903-003 // NVD: CVE-1999-0440

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-1999-0440
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2003-1115
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-199903-003
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-1999-0440
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2003-1115
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:L/AC:L/AU:S/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2003-1115 // CNNVD: CNNVD-199903-003 // NVD: CVE-1999-0440

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-0440

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199903-003

TYPE

Design Error

Trust: 0.9

sources: BID: 1939 // CNNVD: CNNVD-199903-003

EXTERNAL IDS

db:	BID	id:	1939	Trust: 1.9
db:	NVD	id:	CVE-1999-0440	Trust: 1.9
db:	BID	id:	7408	Trust: 0.9
db:	CNVD	id:	CNVD-2003-1115	Trust: 0.6
db:	BUGTRAQ	id:	19990405 SECURITY HOLE IN JAVA 2 (AND JDK 1.1.X)	Trust: 0.6
db:	CNNVD	id:	CNNVD-199903-003	Trust: 0.6

sources: CNVD: CNVD-2003-1115 // BID: 1939 // BID: 7408 // CNNVD: CNNVD-199903-003 // NVD: CVE-1999-0440

REFERENCES

url:	http://java.sun.com/pr/1999/03/pr990329-01.html	Trust: 1.6
url:	http://www.securityfocus.com/bid/1939	Trust: 1.6
url:	http://marc.info/?l=bugtraq&m=92333596624452&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=105103613727471&w=2	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=92333596624452&w=2	Trust: 0.6
url:	http://listserv.sap.com/pipermail/sapdb.sources/2003-april/000142.html	Trust: 0.3
url:	/archive/1/319409	Trust: 0.3

sources: CNVD: CNVD-2003-1115 // BID: 7408 // CNNVD: CNNVD-199903-003 // NVD: CVE-1999-0440

CREDITS

Reported to bugtraq by Gary McGraw <gem@rstcorp.com> on Mon Apr 05 1999. Credit given to Karsten Sohr at the University of Marburg <sohr@mathematik.uni-marburg.de>

Trust: 0.9

sources: BID: 1939 // CNNVD: CNNVD-199903-003

SOURCES

db:	CNVD	id:	CNVD-2003-1115
db:	BID	id:	1939
db:	BID	id:	7408
db:	CNNVD	id:	CNNVD-199903-003
db:	NVD	id:	CVE-1999-0440

LAST UPDATE DATE

2024-08-14T15:04:48.086000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2003-1115	date:	2003-04-22T00:00:00
db:	BID	id:	1939	date:	1999-04-05T00:00:00
db:	BID	id:	7408	date:	2009-07-11T21:07:00
db:	CNNVD	id:	CNNVD-199903-003	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-1999-0440	date:	2016-10-18T01:59:21.563

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2003-1115	date:	2003-04-22T00:00:00
db:	BID	id:	1939	date:	1999-04-05T00:00:00
db:	BID	id:	7408	date:	2003-04-22T00:00:00
db:	CNNVD	id:	CNNVD-199903-003	date:	1999-03-01T00:00:00
db:	NVD	id:	CVE-1999-0440	date:	1999-03-01T05:00:00