SAP MaxDB Multiple Vulnerabilities

critical Nessus Plugin ID 32194

Synopsis

The remote database server is affected by multiple issues.

Description

The remote host is running MaxDB, a database server from SAP.

According to its version, the remote server is affected by a multiple flaws :
- A vulnerability in 'vserver' process could allow an unauthenticated attacker to execute arbitrary code, subject to the privileges of the user under which the process operates. In order to successfully exploit this issue an attacker must have prior knowledge of an active database name on the server. (CVE-2008-0307)

- A design error in 'sdbstarter', could allow an attacker to elevate his privileges to root level privileges.
(CVE-2008-0306)

- A vulnerability in cons.exe could allow command execution before authenticating to the database server.
(CVE-2008-0244)

Solution

Upgrade to SAP MaxDB 7.7.04 Build 08 / 7.7.03 Build 23 / 7.7.02 Build 20 / 7.6.05 Build 02 / 7.6.04 Build 06 / 7.6.03 Build 15 / 7.5.00 Build 48 or later.

See Also

http://www.nessus.org/u?772bd3ee

http://www.nessus.org/u?77348cbb

https://www.securityfocus.com/archive/1/486039

Plugin Details

Severity: Critical

ID: 32194

File Name: sap_maxdb_multiple_vulns.nasl

Version: 1.17

Type: remote

Family: Databases

Published: 5/9/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:sap:maxdb

Exploit Available: true

Exploit Ease: Exploits are available

Exploitable With

CANVAS (D2ExploitPack)

Core Impact

Reference Information

CVE: CVE-2008-0244, CVE-2008-0306, CVE-2008-0307

BID: 27206, 28183, 28185

CWE: 189, 20