CVE-2006-2547 - Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch

CVE-2006-2547

Summary

Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling.

References

Vulnerable Configurations

cpe:2.3:a:sap:sapdba:*:*:*:*:*:*:*:*
cpe:2.3:a:sap:sapdba:*:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 18-10-2018 - 16:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	18028
bugtraq	20060519 CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAPsapdba Command
fulldisc	20060518 CYBSEC - Security Pre-Advisory: Local Privilege Escalation in SAP sapdba Command
misc	http://www.cybsec.com/vuln/CYBSEC_Security_Pre-Advisory_Local_Privilege_Escalation_in_SAP_sapdba_Command.pdf
sectrack	1016122
secunia	20180
sreason	941
vupen	ADV-2006-1861
xf	sap-sapdba-privilege-escalation(26526)

Last major update

18-10-2018 - 16:40

Published

23-05-2006 - 10:06

Last modified

18-10-2018 - 16:40