Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1041

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2001-1041
Last Modified 05 Sep 2008 04:25:32
Published 31 Aug 2001 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-1041

Summary

oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable.

Vulnerable Systems

Application

  • Oracle Database Server 8.0

  • Oracle Database Server 8.1

  • Oracle Database Server 9.0.1


References

BID - 3135

BUGTRAQ - 20010802 vulnerability in oracle binary in Oracle 8.0.5 - 8.1.6

BUGTRAQ - 20011024 Oracle File Overwrite Security Vulnerability

CONFIRM - http://otn.oracle.com/deploy/security/pdf/oracle_race.pdf


Last Updated: 27 May 2016 10:36:30