Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0942

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2001-0942
Last Modified 10 Sep 2008 03:09:17
Published 29 Nov 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-0942

Summary

dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp.

Vulnerable Systems

Application

  • Oracle Database Server 8.1.6

  • Oracle Database Server 8.1.7


References

CONFIRM - http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf

XF - oracle-dbsnmp-home-validation(7645)

BID - 3137

BUGTRAQ - 20011130 ASI Oracle Security Alert: Oracle Home Environment Variable Validation Vulnerability


Last Updated: 27 May 2016 10:36:28