CVE-2003-0265

SAP Database 7.3.0.29 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0265. PoCs published by Larry W. Cashdollar.

AI-analyzed exploit summary This exploit leverages a race condition in SAP Database SDBINST during installation to replace a file with a malicious one before the setuid bit is set, potentially granting root privileges. The script continuously checks for a specific file and replaces it with a malicious binary if found.

Description

Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Larry W. Cashdollar · perllocallinux

https://www.exploit-db.com/exploits/22531

View Code ZIP pw:eip

This exploit leverages a race condition in SAP Database SDBINST during installation to replace a file with a malicious one before the setuid bit is set, potentially granting root privileges. The script continuously checks for a specific file and replaces it with a malicious binary if found.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: SAP Database SDBINST (version 7.3.0.29)

No auth needed

Prerequisites: Access to the system during SAP Database installation · Ability to write to the target directory

MITRE ATT&CK

T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/7421

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=105232424810097&w=2

Scores

EPSS 0.0086

EPSS Percentile 53.8%

Details

Status published

Products (2)

sap/sap_db 7.3.29

sap/sap_db 7.4.3.7_beta

Published May 27, 2003

Tracked Since Feb 18, 2026