CVE-2001-0943

dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:database_server:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:8.1.5:*:*:*:*:*:*:*

History

20 Nov 2024, 23:36

Type Values Removed Values Added
References () http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf - () http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf -
References () http://seclists.org/lists/bugtraq/2001/Dec/0001.html - () http://seclists.org/lists/bugtraq/2001/Dec/0001.html -
References () http://www.securityfocus.com/archive/1/201020 - Exploit, Patch, Vendor Advisory () http://www.securityfocus.com/archive/1/201020 - Exploit, Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/3129 - Patch, Vendor Advisory () http://www.securityfocus.com/bid/3129 - Patch, Vendor Advisory

Information

Published : 2001-08-31 04:00

Updated : 2024-11-20 23:36


NVD link : CVE-2001-0943

Mitre link : CVE-2001-0943

CVE.ORG link : CVE-2001-0943


JSON object : View

Products Affected

oracle

  • database_server