sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Maxdb | Sap | 7.6.0.37 (including) | 7.6.0.37 (including) |
| Maxdb-7.5.00 | Ubuntu | dapper | * |
| Maxdb-7.5.00 | Ubuntu | edgy | * |
| Maxdb-7.5.00 | Ubuntu | feisty | * |
| Maxdb-7.5.00 | Ubuntu | gutsy | * |
| Maxdb-7.5.00 | Ubuntu | upstream | * |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670
- http://secunia.com/advisories/29312
- http://www.securityfocus.com/bid/28185
- http://www.securitytracker.com/id?1019570
- http://www.vupen.com/english/advisories/2008/0844/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41104
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670
- http://secunia.com/advisories/29312
- http://www.securityfocus.com/bid/28185
- http://www.securitytracker.com/id?1019570
- http://www.vupen.com/english/advisories/2008/0844/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41104