Vulnerabilities > CVE-2003-1033 - Unspecified vulnerability in SAP DB 7.3.00/7.4
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |