Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-0943

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2001-0943
Last Modified 05 Sep 2008 04:25:17
Published 31 Aug 2001 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-0943

Summary

dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs.

Vulnerable Systems

Application

  • Oracle Database Server 8.0.5

  • Oracle Database Server 8.1.5


References

BID - 3129

BUGTRAQ - 20010801 Oracle 8.1.5 dbnsmp vulnerability

CONFIRM - http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf

BUGTRAQ - 20011130 ASI Oracle Security Alert: CHOWN Path Environment Variable Vulnerability


Last Updated: 27 May 2016 10:36:28