Sign-up

ID

VAR-200404-0022


CVE

CVE-2003-1033


TITLE

SAP database development tool INSTLSERVER INSTROOT environment variable vulnerability

Trust: 0.6

sources: CNVD: CNVD-2003-1115

DESCRIPTION

The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program. SAP is an integrated enterprise resource planning system based on client/server architecture and open systems, including database open tools when installed. The SAP database program instlserver has problems handling environment variables. Local attackers can exploit this vulnerability for privilege escalation attacks and gain root user privileges. The instlserver program uses the user-supplied data and still runs with ROOT privileges when chmod and chown some files. When running the 'DevTool/bin/instlserver' program, according to the environment variable 'INSTROOT', the specified file will be chowned and chmoded. The attacker builds a malicious file and stores it in the location specified by the environment variable, and gets a suid root. Properties of the program, thereby increasing permissions

Trust: 2.16

sources: NVD: CVE-2003-1033 // CNVD: CNVD-2003-1115 // BID: 7407 // BID: 7408 // IVD: 53d9620e-204b-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 53d9620e-204b-11e6-abef-000c29c66e3d // CNVD: CNVD-2003-1115

AFFECTED PRODUCTS

vendor:sapmodel:dbscope:eqversion:7.4

Trust: 2.2

vendor:sapmodel:dbscope:eqversion:7.3.00

Trust: 2.2

vendor:sapmodel:dbscope:eqversion:7.4.03.27

Trust: 0.8

vendor:sapmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 53d9620e-204b-11e6-abef-000c29c66e3d // CNVD: CNVD-2003-1115 // BID: 7407 // BID: 7408 // CNNVD: CNNVD-200404-057 // NVD: CVE-2003-1033

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-1033
value: HIGH

Trust: 1.0

CNVD: CNVD-2003-1115
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-200404-057
value: HIGH

Trust: 0.6

IVD: 53d9620e-204b-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2003-1033
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2003-1115
severity: MEDIUM
baseScore: 4.3
vectorString: AV:L/AC:L/AU:S/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 53d9620e-204b-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.3
vectorString: AV:L/AC:L/AU:S/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 53d9620e-204b-11e6-abef-000c29c66e3d // CNVD: CNVD-2003-1115 // CNNVD: CNNVD-200404-057 // NVD: CVE-2003-1033

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-1033

THREAT TYPE

local

Trust: 1.2

sources: BID: 7407 // BID: 7408 // CNNVD: CNNVD-200404-057

TYPE

Input validation

Trust: 0.8

sources: IVD: 53d9620e-204b-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200404-057

EXTERNAL IDS

db:BIDid:7408

Trust: 2.5

db:NVDid:CVE-2003-1033

Trust: 2.4

db:BIDid:7407

Trust: 1.9

db:CNVDid:CNVD-2003-1115

Trust: 0.8

db:CNNVDid:CNNVD-200404-057

Trust: 0.8

db:MLISTid:[SAP DB DEV] 20030422 SECURITY ALERT: DEVELOPMENT TOOLS

Trust: 0.6

db:BUGTRAQid:20030422 SRT2003-04-22-1336 - SAP DB DEVELOPMENT TOOLS INSTALL FLAW

Trust: 0.6

db:XFid:11842

Trust: 0.6

db:IVDid:53D9620E-204B-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 53d9620e-204b-11e6-abef-000c29c66e3d // CNVD: CNVD-2003-1115 // BID: 7407 // BID: 7408 // CNNVD: CNNVD-200404-057 // NVD: CVE-2003-1033

REFERENCES

url:http://www.securityfocus.com/bid/7407

Trust: 1.6

url:http://www.securityfocus.com/bid/7408

Trust: 1.6

url:http://listserv.sap.com/pipermail/sapdb.sources/2003-april/000143.html

Trust: 1.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=105103613727471&w=2

Trust: 1.2

url:http://marc.info/?l=bugtraq&m=105103613727471&w=2

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/11842

Trust: 1.0

url:http://listserv.sap.com/pipermail/sapdb.sources/2003-april/000142.html

Trust: 0.6

url:/archive/1/319409

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/11842

Trust: 0.6

sources: CNVD: CNVD-2003-1115 // BID: 7407 // BID: 7408 // CNNVD: CNNVD-200404-057 // NVD: CVE-2003-1033

CREDITS

Discovery credited to Secure Network Operations, Inc.

Trust: 0.6

sources: BID: 7407 // BID: 7408

SOURCES

db:IVDid:53d9620e-204b-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2003-1115
db:BIDid:7407
db:BIDid:7408
db:CNNVDid:CNNVD-200404-057
db:NVDid:CVE-2003-1033

LAST UPDATE DATE

2024-08-14T15:04:48.119000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2003-1115date:2003-04-22T00:00:00
db:BIDid:7407date:2009-07-11T21:07:00
db:BIDid:7408date:2009-07-11T21:07:00
db:CNNVDid:CNNVD-200404-057date:2005-10-20T00:00:00
db:NVDid:CVE-2003-1033date:2017-07-11T01:29:40.777

SOURCES RELEASE DATE

db:IVDid:53d9620e-204b-11e6-abef-000c29c66e3ddate:2003-04-22T00:00:00
db:CNVDid:CNVD-2003-1115date:2003-04-22T00:00:00
db:BIDid:7407date:2003-04-22T00:00:00
db:BIDid:7408date:2003-04-22T00:00:00
db:CNNVDid:CNNVD-200404-057date:2003-04-22T00:00:00
db:NVDid:CVE-2003-1033date:2004-04-15T04:00:00