PT-2008-1888 · SAP · SAP MaxDB

Luigi Auriemma · Published 2008-01-12 · Updated 2018-10-15 · CVE-2008-0244

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SAP MaxDB version 7.6.03 build 007 and earlier

Description

The issue allows remote attackers to execute arbitrary commands. This is achieved by using shell metacharacters, such as &&, in commands like exec sdbinfo and other unspecified commands. These commands are executed when MaxDB invokes cons.exe.

Recommendations

For SAP MaxDB version 7.6.03 build 007 and earlier, consider restricting the use of exec sdbinfo and other affected commands until a fix is available. As a temporary workaround, avoid using shell metacharacters like && in these commands to minimize the risk of exploitation.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2008-0244

Affected Products

SAP MaxDB