lserver software vulnerabilities
vulnerabilities.aspcode.net
Searching lserver software vulnerabilities
The (1) instdbmsrv and (2) instlserver programs
The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program.
The RPM installation of SAP DB 7.x creates the
installation
|
creates
|
SAP
|
RPM
|
The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs.
Software vulnerabilities results 1 to 3 of 3
Page:
1