Vulnerability Name:

CVE-2003-1033 (CCN-7408)

Assigned:2001-07-09
Published:2001-07-09
Updated:2017-07-11
Summary:The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2003-1033

Source: MLIST
Type: UNKNOWN
[SAP DB Dev] 20030422 Security Alert: Development Tools

Source: BUGTRAQ
Type: UNKNOWN
20030422 SRT2003-04-22-1336 - SAP DB Development Tools install flaw

Source: CCN
Type: Hewlett-Packard Company Security Bulletin HPSBUX0107-158
Security Vulnerability in ecsd

Source: CCN
Type: CIAC Information Bulletin L-110
HP Open View Event Correlation Services Vulnerability

Source: BID
Type: Patch, Vendor Advisory
7407

Source: CCN
Type: BID-7407
SAP Database Development Tools INSTDBMSRV INSTROOT Environment Variable Vulnerability

Source: BID
Type: UNKNOWN
7408

Source: CCN
Type: BID-7408
SAP Database Development Tools INSTLSERVER INSTROOT Environment Variable Vulnerability

Source: XF
Type: UNKNOWN
sap-db-gain-privileges(11842)

Source: XF
Type: UNKNOWN
openview-nnm-ecsd-access(7408)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:sap:sap_db:7.3.00:*:*:*:*:*:*:*
  • OR cpe:/a:sap:sap_db:7.4:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:sun:sunos:5.6:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.10:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:11.00:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:10.20:*:*:*:*:*:*:*
  • OR cpe:/o:sun:sunos:4.1.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2003-1033 (CCN-11842)

    Assigned:2003-04-22
    Published:2003-04-22
    Updated:2003-04-22
    Summary:SAP DB could allow a local attacker to gain elevated privileges. The dbmsrv and lserver programs, which are SAP DB Development Tools, change to suid root programs during installation. A local attacker could use this vulnerability to gain root access to the server.
    CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
    Exploitability Metrics:Attack Vector (AV): Local
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Changed
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availibility (A): High
    CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Local
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Local
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    Vulnerability Consequences:Gain Privileges
    References:Source: CCN
    Type: Secure Network Operations Advisory SRT2003-04-22-1336
    SAP DB Development Tools install flaw

    Source: MITRE
    Type: CNA
    CVE-2003-1033

    Source: CCN
    Type: BID-7407
    SAP Database Development Tools INSTDBMSRV INSTROOT Environment Variable Vulnerability

    Source: CCN
    Type: BID-7408
    SAP Database Development Tools INSTLSERVER INSTROOT Environment Variable Vulnerability

    Source: XF
    Type: UNKNOWN
    sap-db-gain-privileges(11842)

    BACK
    sap sap db 7.3.00
    sap sap db 7.4
    sun solaris 2.6
    hp hp-ux 10.10
    hp hp-ux 11.00
    hp hp-ux 10.20
    sun solaris 1.0