8.1.5

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

oracle

NVD

Published: 2001-08-31

Updated: 2008-09-05

Summary

dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Database Server 8.0.5 Oracle Database Server 8.1.5	2

References

http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf
http://seclists.org/lists/bugtraq/2001/Dec/0001.html
http://www.securityfocus.com/archive/1/201020
http://www.securityfocus.com/bid/3129