Back to search
CVE-2002-1576
Published: Mar 16, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
sap-db-lserversrv-symlink(10762)
vdb-entry
x_refsource_XF
6316
vdb-entry
x_refsource_BID
http://www.sapdb.org/sap_db_alert.htm
x_refsource_CONFIRM
20021204 SAP database local root via symlink
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now