Description
The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program.
References (5)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/11842
Patch, Vendor Advisory (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/7407
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/7408
Various Sources (mailing-list, x_refsource_mlist): http://listserv.sap.com/pipermail/sapdb.sources/2003-April/000143.html
Mailing List (mailing-list, x_refsource_bugtraq): http://marc.info/?l=bugtraq&m=105103613727471&w=2
Scores
EPSS: 0.0004
EPSS Percentile: 10.7%
Details
Status: published
Products (2): sap/sap_db 7.3.00; sap/sap_db 7.4
Published: Apr 15, 2004
Tracked Since: Feb 18, 2026