SAP SAPDBA command for Informix privilege escalation
sap-sapdba-privilege-escalation (26526)
Description:
The SAPDBA command shipped with SAP for Informix databases could allow a local attacker to gain elevated privileges on the system because the command handles environment variables insecurely. An attacker who already holds valid SAP database credentials could exploit this vulnerability to execute arbitrary commands on the system with the privileges of the Informix user.
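The advisory names the flaw class (a privileged database helper trusting environment variables supplied by an unprivileged caller) but not the vector, and the CVE entry likewise calls it "unknown vectors". The following C example is added here to illustrate that class in general; it is not sapdba's code, the tool name "dbtool", the path /opt/dbtool/bin and the allowlist are hypothetical, and the real fix is the vendor patch referenced under Remedy.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * Added illustration of the flaw class named in the advisory: a helper
 * that runs with another user's privileges (e.g. the database owner) and
 * lets the caller's environment reach whatever it executes. NOT sapdba's
 * code; "dbtool", /opt/dbtool/bin and the allowlist are hypothetical.
 */

#define FIXED_PATH "PATH=/usr/bin:/bin"

/* Entries (name plus '=') the helper may inherit from the unprivileged caller. */
static const char *const allowed_prefixes[] = { "TERM=", "LANG=", NULL };

/*
 * Vulnerable pattern: a relative program name resolved through the caller's
 * PATH, and the caller's whole environment (LD_PRELOAD, IFS, the database's
 * own variables) inherited by the child. The caller therefore decides what
 * actually runs with the helper's elevated privileges.
 */
int run_tool_unsafe(const char *args) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "dbtool %s", args);
    return system(cmd); /* uses inherited PATH and environment */
}

/*
 * Hardened pattern: rebuild the child's environment from an allowlist and a
 * pinned PATH. Returns the number of entries written to out (excluding the
 * terminating NULL), or -1 if out cannot hold them.
 */
int build_clean_env(char *const *inherited, const char **out, size_t max) {
    size_t n = 0;
    if (max < 2) return -1;
    out[n++] = FIXED_PATH;
    for (size_t i = 0; inherited[i] != NULL; i++) {
        for (size_t j = 0; allowed_prefixes[j] != NULL; j++) {
            size_t len = strlen(allowed_prefixes[j]);
            if (strncmp(inherited[i], allowed_prefixes[j], len) == 0) {
                if (n + 1 >= max) return -1;
                out[n++] = inherited[i];
                break;
            }
        }
    }
    out[n] = NULL;
    return (int)n;
}

/* Returns 1 if the given inherited entry would be passed on to the child. */
int env_entry_kept(char *const *inherited, const char *entry) {
    const char *env[32];
    int n = build_clean_env(inherited, env, 32);
    for (int i = 0; i < n; i++)
        if (strcmp(env[i], entry) == 0) return 1;
    return 0;
}

/* Exec the tool by absolute path with the filtered environment. */
int run_tool_safe(const char *arg, char *const *inherited) {
    const char *env[32];
    if (build_clean_env(inherited, env, 32) < 0) return -1;
    const char *argv[] = { "/opt/dbtool/bin/dbtool", arg, NULL };
    execve(argv[0], (char *const *)argv, (char *const *)env);
    perror("execve"); /* only reached if execve failed */
    return -1;
}

int main(int argc, char **argv, char **envp) {
    const char *arg = argc > 1 ? argv[1] : "status";
    return run_tool_safe(arg, envp) < 0 ? 1 : 0;
}
```

Two points a reviewer of such a helper would check: whether PATH, IFS and the application's own variables are rebuilt rather than inherited, and whether every child is started by absolute path. Some dynamic loaders drop LD_* variables for a setuid process itself, but that protection varies across Unix platforms, does not cover PATH or IFS, and does not stop the variables from being passed on to non-setuid children that then run with the helper's effective user ID.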
Consequences:
Gain Privileges
Remedy:
Refer to SAP note 944585 (accessible by SAP customers only) for patch information. See References.
References:
- Full-Disclosure Mailing List, Thu May 18 2006 - 09:21:04 CDT: CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAP sapdba Command.
- SAP Service Marketplace: Welcome to the SAP Service Marketplace.
- SAP Web site: SAPDBA for Informix (SAP Library - SAP Database Guide: Informix (BC-DB-INF-DBA)).
- BID-18028: SAP SAPDBA Local Privilege Escalation Vulnerability
- CVE-2006-2547: Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to insecure environment variable handling.
- SA20180: SAP sapdba Command Insecure Environment Variable Handling
- SECTRACK ID: 1016122: SAP sapdba Command for Informix Environment Variable Bug Lets Local Users Gain Elevated Privileges
- VUPEN/ADV-2006-1861: SAP SAPDBA for Informix Environment Variable Privilege Escalation Vulnerability
Platforms Affected:
- SAP SAP R/3
- SAP SAPDBA for Informix 700 p100 and prior
Reported:
May 18, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
