PT-2004-1128 · Sap · Sap Db

Published 2004-03-16 · Updated 2017-07-11 · CVE-2002-1576

CVSS v2.0 7.2 High

Vector AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

SAP DB versions 7.3 and earlier

Description

The issue concerns the lserver in SAP DB, where it uses the current working directory to find and execute the lserversrv program. This allows local users to gain privileges by using a malicious lserversrv program that is called from a directory with a symlink to the lserver program.

Recommendations

For SAP DB versions 7.3 and earlier, consider restricting access to the lserver program to minimize the risk of exploitation. As a temporary workaround, avoid using symlinks in directories from which the lserver program is executed until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
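
The class of flaw in the description, shown from the fix side as an added example (not code from the advisory or from SAP DB): a privileged launcher resolves its helper from a fixed absolute directory and checks the file before executing it, so the caller's working directory never decides what runs. `trusted_helper_path`, `HELPER_DIR` and the expected owner uid are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Placeholder install directory (assumption, not taken from the advisory). */
#define HELPER_DIR "/opt/example/pgm"

/* Hypothetical helper: build "<dir>/<name>" and accept it only if it can be
 * trusted. Returns 0 and fills `out` on success, -1 otherwise. `dir` must be
 * absolute, so the working directory and argv[0] never influence the lookup.
 * `owner` is the uid expected to own the helper binary. */
int trusted_helper_path(const char *dir, const char *name, uid_t owner,
                        char *out, size_t outlen)
{
    struct stat st;
    int n;

    if (dir == NULL || dir[0] != '/')        /* no cwd-relative lookup */
        return -1;
    if (name == NULL || name[0] == '\0' || strchr(name, '/') != NULL)
        return -1;                           /* bare file name only */
    n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen)        /* path would be truncated */
        return -1;
    /* lstat() does not follow a final symlink, so a link is rejected here. */
    if (lstat(out, &st) != 0 || !S_ISREG(st.st_mode))
        return -1;
    /* Wrong owner, or writable by group/others: anyone could replace it. */
    if (st.st_uid != owner || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return -1;
    return 0;
}

int main(void)
{
    char path[PATH_MAX];

    /* Owner uid 0 (root) is an assumption about how the helper is installed. */
    if (trusted_helper_path(HELPER_DIR, "lserversrv", 0, path, sizeof path) != 0) {
        fprintf(stderr, "refusing to start helper: path not trusted\n");
        return EXIT_FAILURE;
    }
    execl(path, "lserversrv", (char *)NULL); /* absolute path, no search */
    perror("execl");
    return EXIT_FAILURE;
}
```

The check only holds if every directory on the way to the helper is also not writable by unprivileged users, since the file is examined before it is executed rather than at the same instant.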


Related identifiers

CVE-2002-1576

Affected products

Sap Db