| VID |
23059 |
| Severity |
20 |
| Port |
7210 |
| Protocol |
TCP |
| Class |
SAPDB |
| Detailed Description |
A SAP DB vserver has been detected running on the system. SAP DB is a freely available open-source database for Microsoft Windows and Unix-based operating systems. Multiple vulnerabilities have been reported in the SAP DB package:
- Race condition vulnerability in SDBINST for SAP Database, which allows a local attacker to gain root privileges.
- Buffer overflow vulnerability in the niserver interface, which allows a remote attacker to overflow a buffer and execute arbitrary code.
- Symbolic link vulnerability in the ./lserversrv binary symbolic link, which allows a local attacker to overwrite files on the system with root privileges.
* Note: This check relies solely on whether the SAP DB vserver is running on the remote server, so this finding might be a false positive.
* Platforms Affected: SAP AG SAP DB: Any version; Windows: Any version; UNIX: Any version |
| Recommendation |
If an old version is running on your system, we recommend upgrading to the latest version of SAP DB (7.4.03.30 or later) from the SAP DB web page at http://www.sapdb.org/7.4/sap_db_software.htm |
| Related URL |
CVE-2003-0265,CVE-2003-0939 (CVE) |
| Related URL |
7421,6316 (SecurityFocus) |
| Related URL |
11881,13766,10762 (ISS) |
|