VYPR
Unrated severityNVD Advisory· Published Apr 15, 2004· Updated Jun 16, 2026

CVE-2003-1033

CVE-2003-1033

Description

The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program.

Affected products

3
  • SAP/DB2 versions
    cpe:2.3:a:sap:sap_db:7.3.00:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:sap:sap_db:7.3.00:*:*:*:*:*:*:*
    • cpe:2.3:a:sap:sap_db:7.4:*:*:*:*:*:*:*
  • Range: 7.x

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.