CVE-2016-5847

MEDIUM

SAP SAPCAR Archive Tool - Arbitrary File Permission Change via Hard Link Attack

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-5847. PoCs published by Core Security.

AI-analyzed exploit summary The document describes two vulnerabilities in SAPCAR (CVE-2016-5845 and CVE-2016-5847), including a denial-of-service via invalid filenames and a TOCTOU race condition leading to privilege escalation. Proof-of-concept archive files are provided to demonstrate the issues.

Description

SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Core Security · textdoslinux

https://www.exploit-db.com/exploits/40230

View Code ZIP pw:eip

The document describes two vulnerabilities in SAPCAR (CVE-2016-5845 and CVE-2016-5847), including a denial-of-service via invalid filenames and a TOCTOU race condition leading to privilege escalation. Proof-of-concept archive files are provided to demonstrate the issues.

Classification

Writeup 100%

Attack Type

Dos | Other

Complexity

Moderate

Reliability

Reliable

Target: SAPCAR archive tool (version 2.01 and possibly others)

No auth needed

Prerequisites: Local access to the system where SAPCAR is being executed · Ability to place a malicious archive file in a directory processed by SAPCAR

MITRE ATT&CK

T1499 - Endpoint Denial of Service T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 16, 2026 Full analysis →