dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs.
References
Link | Resource |
---|---|
http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf | |
http://seclists.org/lists/bugtraq/2001/Dec/0001.html | |
http://www.securityfocus.com/archive/1/201020 | Exploit Patch Vendor Advisory |
http://www.securityfocus.com/bid/3129 | Patch Vendor Advisory |
http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf | |
http://seclists.org/lists/bugtraq/2001/Dec/0001.html | |
http://www.securityfocus.com/archive/1/201020 | Exploit Patch Vendor Advisory |
http://www.securityfocus.com/bid/3129 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:36
Type | Values Removed | Values Added |
---|---|---|
References | () http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf - | |
References | () http://seclists.org/lists/bugtraq/2001/Dec/0001.html - | |
References | () http://www.securityfocus.com/archive/1/201020 - Exploit, Patch, Vendor Advisory | |
References | () http://www.securityfocus.com/bid/3129 - Patch, Vendor Advisory |
Information
Published : 2001-08-31 04:00
Updated : 2024-11-20 23:36
NVD link : CVE-2001-0943
Mitre link : CVE-2001-0943
CVE.ORG link : CVE-2001-0943
JSON object : View
Products Affected
oracle
- database_server
CWE