>> SAP MaxDB Memory Corruption and Privilege Escalation Vulnerabilities
Title : SAP MaxDB Memory Corruption and Privilege Escalation Vulnerabilities VUPEN ID : VUPEN/ADV-2008-0844 CVE ID : CVE-2008-0306 - CVE-2008-0307
Rated as : High Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2008-03-11
Technical Description
Multiple vulnerabilities have been identified in SAP MaxDB, which could be exploited by remote or local attackers to cause a denial of service or compromise an affected system.
The first issue is caused by a signedness error in the "vserver" component when processing user-supplied data, which could be exploited by an attacker who knows the name of an active database on the server to cause a denial of service or potentially execute arbitrary code by sending a specially crafted request to port 7210/TCP.
The second vulnerability is caused by a design error in the "sdbstarter" utility when handling environment variables, which could be exploited by a local attacker (member of the "sdba" group) to execute arbitrary code with "root" privileges.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
