8.1.5

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

oracle

NVD

Published: 2001-08-31

Updated: 2008-09-05

Summary

dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Database Server 8.1.5 Oracle Database Server 8.0.5	2

References

http://www.securityfocus.com/archive/1/201020
http://www.securityfocus.com/bid/3129
http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf
http://seclists.org/lists/bugtraq/2001/Dec/0001.html