Critical vulnerability in SAP's MaxDB database
SAP's MaxDB contains vulnerabilities that can be exploited remotely to execute malicious code. Local users can also escalate their system privileges. Updates have been provided to remedy the flaws.
Security service provider iDefense has discovered a flaw in the
vserver component that receives incoming connections at TCP port 7210.
vserver handles communication between the server and clients. The program does not check the values that clients transmit. Attackers can therefore overwrite the heap with manipulated queries and execute injected code.
iDefense has also found a vulnerability in the
sdbstarter component of MaxDB. It contains
set-uid root and can be launched by all users in the
sdba group. It processes environment variables with settings for components in the database. By manipulating these variables, local users can launch their own program code with
iDefense discovered the first flaw in version 18.104.22.168 under Linux. The second also affects version 22.214.171.124, but under Linux and Solaris. iDefense expects that previous versions are also vulnerable. SAP has released version 7.6.03.15 of the database to remedy the flaws. Administrators of MaxDB servers are advised to update their system as quickly as possible. Access to TCP port 7210 should also be restricted to trustworthy computers by means of a firewall.
- SAP MaxDB Signedness Error Heap Corruption Vulnerability, iDefense security advisory
- SAP MaxDB sdbstarter Privilege Escalation Vulnerability, iDefense security advisory
- Download the latest version of MaxDB