CVE-2008-1810 - OpenCVE

Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Sap	Maxdb

Configuration 1 [-]

AND

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:a:sap:maxdb:7.6.03.15:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=729
http://secunia.com/advisories/31318
http://www.securityfocus.com/bid/30474
http://www.securitytracker.com/id?1020585
http://www.vupen.com/english/advisories/2008/2267/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/44125

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-08-01T14:00:00

Updated: 2024-08-07T08:32:01.334Z

Reserved: 2008-04-15T00:00:00

Link: CVE-2008-1810

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-08-01T14:41:00.000

Modified: 2017-08-08T01:30:28.387

Link: CVE-2008-1810

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-07-30T00:00:00", "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-2267", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/2267/references"}, {"name": "31318", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31318"}, {"name": "30474", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30474"}, {"name": "20080730 SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=729"}, {"name": "1020585", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020585"}, {"name": "maxdb-dbmsrv-code-execution(44125)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44125"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1810", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-2267", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2267/references"}, {"name": "31318", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31318"}, {"name": "30474", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30474"}, {"name": "20080730 SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=729"}, {"name": "1020585", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020585"}, {"name": "maxdb-dbmsrv-code-execution(44125)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44125"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:32:01.334Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2008-2267", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/2267/references"}, {"name": "31318", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31318"}, {"name": "30474", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30474"}, {"name": "20080730 SAP MaxDB dbmsrv Untrusted Execution Path Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=729"}, {"name": "1020585", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020585"}, {"name": "maxdb-dbmsrv-code-execution(44125)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44125"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1810", "datePublished": "2008-08-01T14:00:00", "dateReserved": "2008-04-15T00:00:00", "dateUpdated": "2024-08-07T08:32:01.334Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:sap:maxdb:7.6.03.15:*:*:*:*:*:*:*", "matchCriteriaId": "4AA3A766-8E99-4CD8-B6EA-A360DE2AA832", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 on Linux allows local users to gain privileges via a modified PATH environment variable."}, {"lang": "es", "value": "Vulnerabilidad de b\u00fasqueda de ruta no confiable en dbmsrv en SAP MaxDB 7.6.03.15 sobre Linux. Permite a usuarios locales elevar sus privilegios a trav\u00e9s de una variable de entorno PATH modificada."}], "id": "CVE-2008-1810", "lastModified": "2017-08-08T01:30:28.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-08-01T14:41:00.000", "references": [{"source": "cve@mitre.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=729"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31318"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30474"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020585"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2267/references"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44125"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}