Lucene search

[email protected]CVE-2001-0300

HistoryJun 02, 2001 - 4:00 a.m.

CVE-2001-0300

2001-06-0204:00:00

[email protected]

web.nvd.nist.gov

oracle 8.1.7

oidldapd 2.1.1.1

world-writable directory

symlink attack

logs

cve-2001-0300.

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.0%

JSON

oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack.

Affected configurations

NVD

Node

oracleinternet_directoryMatch2.1.1.1

CPENameOperatorVersion
oracle:internet_directoryoracle internet directoryeq2.1.1.1

CPE	Name	Operator	Version
oracle:internet_directory	oracle internet directory	eq	2.1.1.1

References

archives.neohapsis.com/archives/bugtraq/2000-12/0434.html

www.kb.cert.org/vuls/id/610904

exchange.xforce.ibmcloud.com/vulnerabilities/5804

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.0%

JSON

Related for CVE-2001-0300

cert1 cvelist1 nvd1