In association with heise online

12 January 2008, 13:12

Vulnerability in the MaxDB database system

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A serious vulnerability has been discovered in the relational database management system MaxDB developed by SAP. According to security expert Luigi Auriemma, who discovered the problem, attackers can remotely issue system commands without prior authentication, allowing them to take control of servers. The flaw affects all versions up to and including 7.6.03 build 007.

According to Auriemma, MaxDB executes the cons.exe DATABASE COMMAND through the system() function call in an unsafe fashion when certain commands are called – two examples are the show and exec_sdbinfo queries. This allows attackers to issue arbitrary commands, which are then executed on the system. Auriemma gives the following command as an example: exec_sdbinfo && echo dir c:\ | cmd.exe which does not require authenticated database access.

Auriemma also provides other proof-of-concept exploit code on his website which puts unsecured MaxDB installations at a severe risk of an attack. An updated version of the database has not yet been released by vendor SAP. MaxDB admins should limit network access to the database server to trusted computers until a fix is available.

See also:

  • Luigi Auriemma's bug report on the MaxDB vulnerability
  • Download the MaxDB Community Edition


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit