SAP MaxDB Multiple Vulnerabilities
Critical Nessus Network Monitor Plugin ID 4494
SynopsisThe remote database server is affected by multiple issues.
DescriptionThe remote host is running MaxDB, a database server from SAP. According to its version, the remote server is affected by multiple flaws.
- A vulnerability in the 'vserver' process could allow an unauthenticated attacker to execute arbitrary code, subject to the privileges of the user under which the process operates. In order to successfully exploit this issue, an attacker must have prior knowledge of an active database name on the server.
- A design error in 'sdbstarter' could allow an attacker to elevate his privileges to root level.
- A vulnerability in cons.exe could allow command execution before authenticating to the database server.
SolutionUpgrade to SAP MaxDB 7.7.04 Build 08 / 7.7.03 Build 23 / 7.7.02 Build 20 / 7.6.05 Build 02 / 7.6.04 Build 06 / 7.6.03 Build 15 / 7.5.00 Build 48 or higher.