In association with heise online

04 August 2008, 13:39

Security updates for SAP and Ingres databases

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

iDefense reports that a vulnerability in SAP's MaxDB database, can be exploited in order to elevate privileges on the system hosting it. The report says the dbmsrv application, if run with the command-line tool dbmcli, does not correctly sanitise the PATH environment variable. Use of manipulated PATH variables reportedly enables arbitrary code to be run with SDS privileges. Version 7.6.03.15 under Linux is affected, and other versions may also be vulnerable. According to iDefense – SAP note 1178438 – SAP has issued a new version to eliminate the error.

Apparently the Ingres database, which, for example, is delivered along with many products from Computer Associates, is similarly defective in checking the PATH variable. It also suffers a buffer overflow that allows code to be inserted and run with the rights of the database. The verifydb tool also facilitates an attack by means of symbolic links, so that, for example, system files can be manipulated. Ingres 2006 release 2 (9.1.0), Ingres 2006 release 1 (9.0.4) and Ingres 2.6 are affected. The Ingres Service Desk is supplying fixes and recommends that they be applied as quickly as possible.

See also:

(trk)

Print Version | Send by email | Permalink: http://h-online.com/-736737
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit