Multiple vulnerabilities have been identified in SAP MaxDB, which could be exploited by remote or local attackers to cause a denial of service or compromise an affected system.

The first issue is caused by a signedness error in the "vserver" component when processing user-supplied data, which could be exploited by an attacker who knows the name of an active database on the server to cause a denial of service or potentially execute arbitrary code by sending a specially crafted request to port 7210/TCP.

The second vulnerability is caused by a design error in the "sdbstarter" utility when handling environment variables, which could be exploited by a local attacker (member of the "sdba" group) to execute arbitrary code with "root" privileges.

AdRaMiTi  /  Security Experts TIM