VAR-200801-0222
Vulnerability from variot - Updated: 2023-12-18 13:04SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe. SAP MaxDB is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input. Multiple database commands expose this issue, including one that is available prior to authentication. MaxDB 7.6.03 build 007 is vulnerable to this issue; other versions may also be affected.
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: MaxDB DBM Command Processing Command Execution Vulnerability
SECUNIA ADVISORY ID: SA28409
VERIFY ADVISORY: http://secunia.com/advisories/28409/
CRITICAL: Moderately critical
IMPACT: System access
WHERE:
From local network
SOFTWARE: MaxDB 7.x http://secunia.com/product/4012/
DESCRIPTION: Luigi Auriemma has discovered a vulnerability in MaxDB, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an input validation error in the handling of certain DBM commands (e.g. sending a specially crafted packet to default port 7210/TCP.
The vulnerability is confirmed in version 7.6.03.07 on Windows.
SOLUTION: Restrict network access to the database service.
PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma
ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/sapone-adv.txt
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200801-0222",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "maxdb",
"scope": "lte",
"trust": 1.0,
"vendor": "sap",
"version": "7.6.3_build_007"
},
{
"model": "maxdb",
"scope": "lte",
"trust": 0.8,
"vendor": "sap",
"version": "7.6.03 build 007"
},
{
"model": "maxdb",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "7.6.3_build_007"
},
{
"model": "maxdb build",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.6.3007"
}
],
"sources": [
{
"db": "BID",
"id": "27206"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005366"
},
{
"db": "NVD",
"id": "CVE-2008-0244"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-173"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:maxdb:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.6.3_build_007",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0244"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luigi Auriemma\u203b aluigi@pivx.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-173"
}
],
"trust": 0.6
},
"cve": "CVE-2008-0244",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2008-0244",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-0244",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200801-173",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-005366"
},
{
"db": "NVD",
"id": "CVE-2008-0244"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-173"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via \"\u0026\u0026\" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe. SAP MaxDB is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input. Multiple database commands expose this issue, including one that is available prior to authentication. \nMaxDB 7.6.03 build 007 is vulnerable to this issue; other versions may also be affected. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nMaxDB DBM Command Processing Command Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA28409\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28409/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nMaxDB 7.x\nhttp://secunia.com/product/4012/\n\nDESCRIPTION:\nLuigi Auriemma has discovered a vulnerability in MaxDB, which can be\nexploited by malicious people to compromise a vulnerable system. \n\nThe vulnerability is caused due to an input validation error in the\nhandling of certain DBM commands (e.g. sending a specially crafted packet to default port 7210/TCP. \n\nThe vulnerability is confirmed in version 7.6.03.07 on Windows. \n\nSOLUTION:\nRestrict network access to the database service. \n\nPROVIDED AND/OR DISCOVERED BY:\nLuigi Auriemma\n\nORIGINAL ADVISORY:\nhttp://aluigi.altervista.org/adv/sapone-adv.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0244"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005366"
},
{
"db": "BID",
"id": "27206"
},
{
"db": "PACKETSTORM",
"id": "62509"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-0244",
"trust": 2.7
},
{
"db": "BID",
"id": "27206",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "28409",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-0104",
"trust": 1.6
},
{
"db": "EXPLOIT-DB",
"id": "4877",
"trust": 1.6
},
{
"db": "SREASON",
"id": "3536",
"trust": 1.6
},
{
"db": "SECTRACK",
"id": "1019171",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005366",
"trust": 0.8
},
{
"db": "XF",
"id": "39573",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "4877",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "11368",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080109 PRE-AUTH REMOTE COMMANDS EXECUTION IN SAP MAXDB 7.6.03.07",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200801-173",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "62509",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "27206"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005366"
},
{
"db": "PACKETSTORM",
"id": "62509"
},
{
"db": "NVD",
"id": "CVE-2008-0244"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-173"
}
]
},
"id": "VAR-200801-0222",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.1359447
},
"last_update_date": "2023-12-18T13:04:54.989000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://maxdb.sap.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-005366"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-005366"
},
{
"db": "NVD",
"id": "CVE-2008-0244"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://aluigi.altervista.org/adv/sapone-adv.txt"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/28409"
},
{
"trust": 1.6,
"url": "http://securityreason.com/securityalert/3536"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/27206"
},
{
"trust": 1.6,
"url": "http://www.securitytracker.com/id?1019171"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/486039/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2008/0104"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39573"
},
{
"trust": 1.0,
"url": "https://www.exploit-db.com/exploits/4877"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0244"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0244"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/39573"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/486039/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/4877"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0104"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/11368"
},
{
"trust": 0.3,
"url": "https://www.sdn.sap.com/irj/sdn/maxdb"
},
{
"trust": 0.3,
"url": "/archive/1/486039"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4012/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28409/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
}
],
"sources": [
{
"db": "BID",
"id": "27206"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005366"
},
{
"db": "PACKETSTORM",
"id": "62509"
},
{
"db": "NVD",
"id": "CVE-2008-0244"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-173"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "27206"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005366"
},
{
"db": "PACKETSTORM",
"id": "62509"
},
{
"db": "NVD",
"id": "CVE-2008-0244"
},
{
"db": "CNNVD",
"id": "CNNVD-200801-173"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-01-09T00:00:00",
"db": "BID",
"id": "27206"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-005366"
},
{
"date": "2008-01-10T23:06:04",
"db": "PACKETSTORM",
"id": "62509"
},
{
"date": "2008-01-12T02:46:00",
"db": "NVD",
"id": "CVE-2008-0244"
},
{
"date": "2008-01-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200801-173"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-02-09T05:51:00",
"db": "BID",
"id": "27206"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-005366"
},
{
"date": "2018-10-15T21:58:51.733000",
"db": "NVD",
"id": "CVE-2008-0244"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200801-173"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-173"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP MaxDB Vulnerable to arbitrary command execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-005366"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200801-173"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…