SAP MaxDB 'dbmsrv' Process 'PATH' Environment Variable Local Privilege Escalation Vulnerability

Bugtraq ID:	30474
Class:	Input Validation Error
CVE:	CVE-2008-1810
Remote:	No
Local:	Yes
Published:	Jul 31 2008 12:00AM
Updated:	Jul 31 2008 10:07PM
Credit:	An anonymous researcher working with iDefense
Vulnerable:	SAP MaxDB 7.6.03.15
Not Vulnerable:

SAP MaxDB 'dbmsrv' Process 'PATH' Environment Variable Local Privilege Escalation Vulnerability

SAP MaxDB is prone to a local privilege-escalation vulnerability that occurs in the 'dbmsrv' process because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary code with 'sdb:sdba' privileges. Successfully exploiting this issue will compromise the affected application and possibly the underlying computer.

SAP MaxDB 7.6.03.15 on Linux is vulnerable; other versions running on different platforms may also be affected.

SAP MaxDB 'dbmsrv' Process 'PATH' Environment Variable Local Privilege Escalation Vulnerability

An attacker with local interactive access to the affected computer can exploit this issue.

SAP MaxDB 'dbmsrv' Process 'PATH' Environment Variable Local Privilege Escalation Vulnerability

Solution:
The vendor has released a new version of the application. Please refer to SAP note 1178438 for more information.

SAP MaxDB 'dbmsrv' Process 'PATH' Environment Variable Local Privilege Escalation Vulnerability

References:

• SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability (iDefense Labs)
  
• SAP MaxDB Homepage (SAP)
  
• iDefense Security Advisory 07.30.08: SAP MaxDB dbmsrv Untrusted Execution ([email protected])