RE: SAP DB Security Alert

Tue, 04 Feb 2003 01:39:13 -0800 

Hello,

excuse me if I sound a little confused, but I am. This alert seems to be
identical to an alert from december last year. Is it still relevant?
I'm especially worried because the steps suggested to fix this problem do
not work with the SAP DB 7.4 I downloaded and installed yesterday (there is
no file 'lserversrv' anywhere in the distribution-tree). Does this security
problem apply to SAP DB 7.4 as well? And if so, how should one fix it?

I don't want to be too critical here, but if this problem is known since
december, how comes it is still present in recent distributions?

Otherwise I am very gratefull for your decision to make SAP DB available as
Open Source, it really seems to be a great product. 

Greetings

Andreas Mohrig
- IT-Entwicklung -
cadooz AG
Osterbekstr. 90b
22083 Hamburg

Email: [EMAIL PROTECTED]
Tel.:  +49.40.271 482-13 
Fax.:  +49.40.271 482-11
Web:   www.cadooz-business.de 
       www.cadooz.de

-----Original Message-----
From: Dittmar, Daniel [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 02, 2002 12:42 PM
To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
Subject: SAP DB Security Alert
Importance: High



Security Alert
==============

Current versions of SAP DB on Unix contain a vulnerability
that allows local users to execute programs as user root.

Information on how to remove that vulnerability can be found at 
http://www.sapdb.org/sap_db_alert.htm or follow the instructions below:

Perform the following steps for each <dependent_path>:
$ cd <dependent_path>/pgm
$ cp lserversrv lserver
$ chown root lserver
$ chmod +s lserver 

Daniel Dittmar

-- 
Daniel Dittmar
SAP DB, SAP Labs Berlin
[EMAIL PROTECTED]
http://www.sapdb.org/
_______________________________________________
sapdb.announce mailing list
[EMAIL PROTECTED]
http://listserv.sap.com/mailman/listinfo/sapdb.announce
_______________________________________________
sapdb.general mailing list
[EMAIL PROTECTED]
http://listserv.sap.com/mailman/listinfo/sapdb.general
_______________________________________________
sapdb.general mailing list
[EMAIL PROTECTED]
http://listserv.sap.com/mailman/listinfo/sapdb.general

Reply via email to