SAP MaxDB Multiple Vulnerabilities

Critical Nessus Network Monitor Plugin ID 4494

Synopsis

The remote database server is affected by multiple issues.

Description

The remote host is running MaxDB, a database server from SAP. According to its version, the remote server is affected by multiple flaws.

- A vulnerability in the 'vserver' process could allow an unauthenticated attacker to execute arbitrary code, subject to the privileges of the user under which the process operates. In order to successfully exploit this issue, an attacker must have prior knowledge of an active database name on the server.
- A design error in 'sdbstarter' could allow an attacker to elevate his privileges to root level.
- A vulnerability in cons.exe could allow command execution before authenticating to the database server.

Solution

Upgrade to SAP MaxDB 7.7.04 Build 08 / 7.7.03 Build 23 / 7.7.02 Build 20 / 7.6.05 Build 02 / 7.6.04 Build 06 / 7.6.03 Build 15 / 7.5.00 Build 48 or higher.

See Also

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670

http://www.securityfocus.com/archive/1/486039

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=669

Plugin Details

Severity: Critical

ID: 4494

Family: Database

Published: 2008/05/05

Modified: 2018/09/16

Nessus ID: 32194

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 9.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

CVSS v3.0

Base Score: 9.8

Temporal Score: 9.6

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:sap:maxdb

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Reference Information

CVE: CVE-2008-0244, CVE-2008-0306, CVE-2008-0307

BID: 27206, 28183, 28185