CVE-2008-0306
iDEFENSE Security Advisory 2008-03-10.2
Public Exploits: 0
Exploited in Wild: -
Descriptions
sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings.
Local exploitation of a design error in the "sdbstarter" program, as distributed with SAP AG's MaxDB, could allow attackers to elevate privileges to root. iDefense has confirmed the existence of this vulnerability in SAP AG's MaxDB version 7.6.0.37 on both Linux and Solaris. Other versions for Unix-like systems are suspected to be vulnerable. Windows releases do not include the "sdbstarter" program.
SSVC
- Decision: -
Timeline
- 2008-01-16 CVE Reserved
- 2008-03-11 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
References (6)
URL | Tag | Source |
---|---|---|
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670 | Third Party Advisory | |
http://www.securityfocus.com/bid/28185 | Vdb Entry | |
http://www.securitytracker.com/id?1019570 | Vdb Entry | |
http://www.vupen.com/english/advisories/2008/0844/references | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/41104 | Vdb Entry | |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/29312 | 2017-08-08 | |