Vulnerabilities > CVE-2002-1576 - Symbolic Link vulnerability in SAP DB 7.3.00

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
sap
exploit available
NVD
Published: 2004-04-15
Updated: 2017-07-11

Summary

lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program.

Vulnerable Configurations

Part Description Count
Application
Sap
1

Exploit-Db

descriptionSAP DB 7.3 .00 Symbolic Link Vulnerability. CVE-2002-1576. Local exploit for unix platform
idEDB-ID:22067
last seen2016-02-02
modified2002-12-04
published2002-12-04
reporterSAP Security
sourcehttps://www.exploit-db.com/download/22067/
titleSAP DB 7.3.00 - Symbolic Link Vulnerability

References