10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.071 Low
EPSS
Percentile
93.9%
A vulnerability in Oracle 8i allows intruders to assume control of the database server and/or the operating system on which the database server is running, depending on the platform used.
The COVERT labs at PGP Security have discovered a buffer overflow vulnerability in Oracle 8i allows intruders to execute arbitrary code with the privileges of the process running the TNS listener process. The vulnerability occurs in a section of code that is executed prior to authentication, so an intruder does not require a username or password.
For more information, see the COVERT Labs Security Advisory, available at
http://www.pgp.com/research/covert/advisories/050.asp
An intruder who exploits the vulnerability can execute arbitrary code as the ‘oracle’ user on UNIX systems, and in the Local System security context on Windows systems. In both cases, the attacker can gain gain control of database services on the victim machine; on Windows systems, the intruder can additionally gain administrative control of the operating system as well.
According to COVERT Labs, patches for this vulnerability are available from Oracle, “under bug number 1489683 which is available for download from the Oracle Worldwide Support Services web site, Metalink (<http://metalink.oracle.com>) for the platforms identified in this advisory. The patch is in production for all supported releases of the Oracle Database Server.”
Use a packet filter or firewall to restrict access to port 1521 on vulnerable machines. This may reduce your exposure to this problem until a patch can be applied.
Javascript is disabled. Click here to view vendors.
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Our thanks to COVERT Labs at PGP Security for the information contained in their advisory.
This document was written by Shawn Hernan.
CVE IDs: | CVE-2001-0499 |
---|---|
Severity Metric: | 34.79 Date Public: |