4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
32.1%
A buffer overflow in some command-line utilities supplied with the Oracle Database Server could allow a local user to gain the privileges of the oracle
system user.
The Oracle 9_i_ Database Server package includes the oracle
and oracleO
command-line client programs to connect to systems running the database server. These commands are the same underlying program, but take different actions based on which one is invoked (argv[0]
). A buffer overflow flaw has been discovered in the way these programs process their first argument (argv[1]
). An overly long string supplied in this argument may allow an attacker to run code of their own chosing in the context of the oracle
system user.
This vulnerability is reported to affect the Oracle 9_i_ product on all UNIX and Linux system platforms that Oracle supports. It was originally reported that this vulnerability affected the Oracle 8_i_ product, but Oracle has since reported that this product is not vulnerable.
The CERT/CC is aware of publicly available exploit scripts for this vulnerability.
An attacker with local access to the system on which the Oracle system is installed may be able to execute arbitrary code with the privileges of the oracle
user and the dba
group. This allows the attacker to take any action that the database administrator is authorized to take. Attackers may be able to gain additional system privileges, depending on how the system is configured.
Apply a patch from the vendor
In response to this issue, Oracle has released Oracle Security Alert #59 that includes information about patches. Please see the vendors section of this document for more details.
Workarounds
Sites may wish to consider removing the execute permissions for users not in the dba
group from the oracle
and oracleO
programs as follows:
# cd $ORACLE_HOME/bin
# chmod o-x oracle oracleO
Some side effects of this workaround are discussed in Oracle Security Alert #59, which addresses this vulnerability.
496340
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: November 03, 2003 Updated: November 03, 2003
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Oracle has published Oracle Security Alert #59 in reponse to this issue. Users are encouraged to review this document and apply the patches it refers to.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23496340 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Oracle Security Advisory for reporting this vulnerability.
This document was written by Chad R Dougherty.
CVE IDs: | CVE-2003-0894 |
---|---|
Severity Metric: | 16.03 Date Public: |