CVE-2008-0244
Published: 2008-01-12
Priority: P2 · 74 · critical · CVSS 2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 80.31% (99.6th percentile)
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | maxdb | <= 7.6.3_build_007 | — |
Detection & IOCs (extracted from sources)
- Detect unauthenticated network requests containing shell metacharacters ('&&', '|', etc.) in SAP MaxDB protocol commands, particularly in 'exec_sdbinfo' and 'show' commands, which can be sent pre-authentication.
- Monitor for SAP MaxDB spawning child processes (e.g., cmd.exe, sh) as children of cons.exe, which would indicate successful shell metacharacter injection via the system() call.
- Alert on network traffic to SAP MaxDB containing the string '&&' or pipe characters ('|') within the exec_sdbinfo or other MaxDB command fields, as these are the injection vectors.
- Flag pre-authentication exploitation attempts: any MaxDB command containing shell metacharacters sent before a login sequence completes should be treated as a potential exploit attempt.
- The vulnerability affects SAP MaxDB on all supported platforms (Windows, Linux, and Solaris), so detection and patching efforts must cover all OS deployments, not just Windows.
- At time of disclosure, no fix was available from the vendor; defenders should prioritize network-level controls to restrict access to the MaxDB service port.
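The checks in the list above, as an added example (not code from this page, the advisory, or any vendor tool). It assumes an upstream sensor already decodes MaxDB commands into text with an authentication flag and that process-creation logs expose the command line; the event field names, the extra metacharacters beyond '&&' and '|', and all sample events are constructed. The process check inspects the command line that runs cons.exe rather than process parentage.

```python
import re

# The page names "&&" and "|"; the rest of this set is an assumption
# covering other common shell command separators.
METACHARS = re.compile(r"&&|\|\||[|;&`<>]|\$\(")
NAMED_COMMANDS = ("exec_sdbinfo", "show")  # commands the page calls out


def metachars_in(text):
    """Return the distinct metacharacter tokens found in text, in order."""
    return list(dict.fromkeys(m.group() for m in METACHARS.finditer(text)))


def check_command(event):
    """Alert dict for a decoded MaxDB command carrying metacharacters, else None."""
    hits = metachars_in(event["command"])
    if not hits:
        return None
    words = event["command"].split()
    return {
        "src": event["src"],
        "metachars": hits,
        "named_command": words[0].lower() in NAMED_COMMANDS,
        "pre_auth": not event["authenticated"],
    }


def check_process(event):
    """Alert dict for a command line that runs cons/cons.exe and chains more."""
    if not re.search(r"\bcons(\.exe)?\b", event["cmdline"], re.IGNORECASE):
        return None
    hits = metachars_in(event["cmdline"])
    return {"pid": event["pid"], "metachars": hits} if hits else None


# Constructed sample events (not captured traffic or real logs).
COMMANDS = [
    {"src": "192.0.2.10", "authenticated": False, "command": "exec_sdbinfo"},
    {"src": "192.0.2.66", "authenticated": False, "command": "exec_sdbinfo && echo test"},
    {"src": "192.0.2.10", "authenticated": True, "command": "show state"},
]
PROCESSES = [
    {"pid": 4120, "cmdline": "cmd.exe /c cons.exe DB1 show state"},
    {"pid": 4188, "cmdline": "cmd.exe /c cons.exe DB1 show state && echo test"},
]

if __name__ == "__main__":
    alerts = [check_command(e) for e in COMMANDS] + [check_process(e) for e in PROCESSES]
    print(*filter(None, alerts), sep="\n")
```

Alerts with `pre_auth` set correspond to the pre-authentication case in the list; a clean command or command line returns `None`.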
No detection rules found.
Exploit-DB
SAP MaxDB 7.6.03.07 - Remote Command Execution
exploitdb·2008-01-09
---
#######################################################################
Luigi Auriemma
Application: SAP MaxDB
https://www.sdn.sap.com/irj/sdn/maxdb
http://www.sap.com
Versions: <= 7.6.03 build 007
Platforms: Windows, Linux and Solaris
Bug: pre-auth remote commands execution
Exploitation: remote
Date: 09 Jan 2008
Author: Luigi Auriemma
e-mail: [email protected]
web: aluigi.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
1) Introduction
SAP MaxDB is a commercial and widely known and used database.
#######################################################################
2) Bug
The Ma
Metasploit
SAP MaxDB cons.exe Remote Command Injection
metasploit
SAP MaxDB is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input.
No writeups or analysis indexed.
- http://aluigi.altervista.org/adv/sapone-adv.txt
- http://secunia.com/advisories/28409
- http://securityreason.com/securityalert/3536
- http://www.securityfocus.com/archive/1/486039/100/0/threaded
- http://www.securityfocus.com/bid/27206
- http://www.securitytracker.com/id?1019171
- http://www.vupen.com/english/advisories/2008/0104
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39573
- https://www.exploit-db.com/exploits/4877