SAP Web Application Server for Linux Arbitrary Command Execution Vulnerability

The SAP Web Application Server for Linux includes an application which may be coerced into executing arbitrary code with elevated privileges.

Because of an input validation error, it may be possible for a local user to modify environment variables such that the SAP Operating System Collector (saposcol) executes unintended programs.

Note: The original report detailing this vulnerability was based on analysis of an evaluation version of the SAP Web Application Server for Linux. While it is likely that the vulnerability is present in commercial versions, it has not been confirmed.


 

Privacy Statement
Copyright 2010, SecurityFocus