4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0005 Low
EPSS
Percentile
15.9%
Oracle Internet Directory version 2.0.6, which ships with Oracle version 8i for Linux (8.1.6), contains a program, oidldapd, that is an LDAP Daemon. There is a buffer overflow in the LDAP Daemon that allows a local user to obtain the euid of the oidldapd process, typically user oracle.
There is a buffer overflow in the oidldapd with regard to the βconnectβ option. Since oidldapd typically runs as user oracle, this vulnerability can be used by local users to obtain euid of user oracle. As a result of the default installation, user oracle owns all database files. An exploit has been published.
All database files can be edited/deleted by a malicious user. A local user can obtain privileges of the oidldapd process, typically oracle.
Oracle encourages all Linux directory developers to upgrade to Oracle Internet Directory, v2.1.1, part of the Oracle 8.1.7 (8i Release 3) server media pack, from <http://technet.oracle.com/>.
If you use a UFS filesystem, use chmod to set the file permissions to 710 for the oidldapd and oidmon executables. For other filesystems (e.g. AFS) use equivalent settings to restrict access to privileged users only.
118277
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: October 16, 2000 Updated: July 12, 2001
Affected
See <http://www.securityfocus.com/archive/1/157228>
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23118277 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was first published by Juan Manuel Pascual Escriba in a Plazasite advisory.
This document was written by Jason Rafail.
CVE IDs: | CVE-2000-0987 |
---|---|
Severity Metric: | 9.00 Date Public: |