Local Privilege Escalation in SAP DB 7.3 and Earlier via Symlink Vulnerability

Local Privilege Escalation in SAP DB 7.3 and Earlier via Symlink Vulnerability

CVE-2002-1576 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

lserver in SAP DB 7.3 and earlier uses the current working directory to find and execute the lserversrv program, which allows local users to gain privileges with a malicious lserversrv that is called from a directory that has a symlink to the lserver program.

Learn more about our Cis Benchmark Audit For Server Software.