Vulnerabilities > CVE-2002-1576 - Unspecified vulnerability in SAP DB 7.3.00

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

sap

exploit available

NVD

Published: 2004-04-15

Updated: 2024-11-20

Summary

lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP SAP DB 7.3.00	1

Exploit-Db

description	SAP DB 7.3 .00 Symbolic Link Vulnerability. CVE-2002-1576. Local exploit for unix platform
id	EDB-ID:22067
last seen	2016-02-02
modified	2002-12-04
published	2002-12-04
reporter	SAP Security
source	https://www.exploit-db.com/download/22067/
title	SAP DB 7.3.00 - Symbolic Link Vulnerability

References

http://marc.info/?l=bugtraq&m=103903565829796&w=2
http://marc.info/?l=bugtraq&m=103903565829796&w=2
http://www.sapdb.org/sap_db_alert.htm
http://www.sapdb.org/sap_db_alert.htm
http://www.securityfocus.com/bid/6316
http://www.securityfocus.com/bid/6316
https://exchange.xforce.ibmcloud.com/vulnerabilities/10762
https://exchange.xforce.ibmcloud.com/vulnerabilities/10762