Moderate

CVE-2003-0265 - Unspecified vulnerability in SAP DB

Publication: 2003-05-27
Summary

Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed.

Risk level (CVSS 6.2)

Moderate

6.2

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • SAP SAP DB 7.3.29
  • SAP SAP DB 7.4.3.7_beta