CVE-2008-0306

sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
sapmaxdb
7.6.0.37
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
maxdb-7.5.00
dapper
ignored
edgy
ignored
feisty
ignored
gutsy
ignored
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
References
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670
http://secunia.com/advisories/29312
http://www.securityfocus.com/bid/28185
http://www.securitytracker.com/id?1019570
http://www.vupen.com/english/advisories/2008/0844/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41104
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670
http://secunia.com/advisories/29312
http://www.securityfocus.com/bid/28185
http://www.securitytracker.com/id?1019570
http://www.vupen.com/english/advisories/2008/0844/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41104