ID

VAR-200801-0222


CVE

CVE-2008-0244


TITLE

SAP MaxDB Vulnerable to arbitrary command execution

Trust: 0.8

sources: JVNDB: JVNDB-2008-005366

DESCRIPTION

SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.

SAP MaxDB is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input. Multiple database commands expose this issue, including one that is available prior to authentication. MaxDB 7.6.03 build 007 is vulnerable to this issue; other versions may also be affected.

----------------------------------------------------------------------

TITLE: MaxDB DBM Command Processing Command Execution Vulnerability
SECUNIA ADVISORY ID: SA28409
VERIFY ADVISORY: http://secunia.com/advisories/28409/
CRITICAL: Moderately critical
IMPACT: System access
WHERE: From local network
SOFTWARE: MaxDB 7.x http://secunia.com/product/4012/

DESCRIPTION: Luigi Auriemma has discovered a vulnerability in MaxDB, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an input validation error in the handling of certain DBM commands (e.g. sending a specially crafted packet to default port 7210/TCP. The vulnerability is confirmed in version 7.6.03.07 on Windows.

SOLUTION: Restrict network access to the database service.

PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma
ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/sapone-adv.txt

Trust: 1.98

sources: NVD: CVE-2008-0244 // JVNDB: JVNDB-2008-005366 // BID: 27206 // PACKETSTORM: 62509

AFFECTED PRODUCTS

vendor: sap, model: maxdb, scope: lte, version: 7.6.3_build_007

Trust: 1.0

vendor: sap, model: maxdb, scope: lte, version: 7.6.03 build 007

Trust: 0.8

vendor: sap, model: maxdb, scope: eq, version: 7.6.3_build_007

Trust: 0.6

vendor: sap, model: maxdb build, scope: eq, version: 7.6.3007

Trust: 0.3

sources: BID: 27206 // JVNDB: JVNDB-2008-005366 // CNNVD: CNNVD-200801-173 // NVD: CVE-2008-0244

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-0244
value: HIGH

Trust: 1.0

NVD: CVE-2008-0244
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200801-173
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2008-0244
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2008-005366 // CNNVD: CNNVD-200801-173 // NVD: CVE-2008-0244

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2008-005366 // NVD: CVE-2008-0244

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200801-173

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200801-173

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-005366

PATCH

title: Top Page, url: http://maxdb.sap.com/

Trust: 0.8

sources: JVNDB: JVNDB-2008-005366

EXTERNAL IDS

db: NVD, id: CVE-2008-0244

Trust: 2.7

db: BID, id: 27206

Trust: 1.9

db: SECUNIA, id: 28409

Trust: 1.7

db: EXPLOIT-DB, id: 4877

Trust: 1.6

db: SREASON, id: 3536

Trust: 1.6

db: VUPEN, id: ADV-2008-0104

Trust: 1.6

db: SECTRACK, id: 1019171

Trust: 1.6

db: JVNDB, id: JVNDB-2008-005366

Trust: 0.8

db: XF, id: 39573

Trust: 0.6

db: MILW0RM, id: 4877

Trust: 0.6

db: NSFOCUS, id: 11368

Trust: 0.6

db: BUGTRAQ, id: 20080109 PRE-AUTH REMOTE COMMANDS EXECUTION IN SAP MAXDB 7.6.03.07

Trust: 0.6

db: CNNVD, id: CNNVD-200801-173

Trust: 0.6

db: PACKETSTORM, id: 62509

Trust: 0.1

sources: BID: 27206 // JVNDB: JVNDB-2008-005366 // PACKETSTORM: 62509 // CNNVD: CNNVD-200801-173 // NVD: CVE-2008-0244

REFERENCES

url:http://aluigi.altervista.org/adv/sapone-adv.txt

Trust: 1.7

url:http://www.securitytracker.com/id?1019171

Trust: 1.6

url:http://www.securityfocus.com/bid/27206

Trust: 1.6

url:http://secunia.com/advisories/28409

Trust: 1.6

url:http://securityreason.com/securityalert/3536

Trust: 1.6

url:https://www.exploit-db.com/exploits/4877

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/39573

Trust: 1.0

url:http://www.securityfocus.com/archive/1/486039/100/0/threaded

Trust: 1.0

url:http://www.vupen.com/english/advisories/2008/0104

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0244

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0244

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/39573

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/486039/100/0/threaded

Trust: 0.6

url:http://www.milw0rm.com/exploits/4877

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2008/0104

Trust: 0.6

url:http://www.nsfocus.net/vulndb/11368

Trust: 0.6

url:https://www.sdn.sap.com/irj/sdn/maxdb

Trust: 0.3

url:/archive/1/486039

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/4012/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:https://psi.secunia.com/?page=changelog

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/advisories/28409/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

sources: BID: 27206 // JVNDB: JVNDB-2008-005366 // PACKETSTORM: 62509 // CNNVD: CNNVD-200801-173 // NVD: CVE-2008-0244

CREDITS

Luigi Auriemma (aluigi@pivx.com)

Trust: 0.6

sources: CNNVD: CNNVD-200801-173

SOURCES

db: BID, id: 27206
db: JVNDB, id: JVNDB-2008-005366
db: PACKETSTORM, id: 62509
db: CNNVD, id: CNNVD-200801-173
db: NVD, id: CVE-2008-0244

LAST UPDATE DATE

2024-11-23T22:19:36.674000+00:00


SOURCES UPDATE DATE

db: BID, id: 27206, date: 2010-02-09T05:51:00
db: JVNDB, id: JVNDB-2008-005366, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200801-173, date: 2008-09-05T00:00:00
db: NVD, id: CVE-2008-0244, date: 2024-11-21T00:41:29.393

SOURCES RELEASE DATE

db: BID, id: 27206, date: 2008-01-09T00:00:00
db: JVNDB, id: JVNDB-2008-005366, date: 2012-12-20T00:00:00
db: PACKETSTORM, id: 62509, date: 2008-01-10T23:06:04
db: CNNVD, id: CNNVD-200801-173, date: 2008-01-11T00:00:00
db: NVD, id: CVE-2008-0244, date: 2008-01-12T02:46:00