Lucene search

[email protected]CVE-2001-0942

HistoryNov 29, 2001 - 5:00 a.m.

CVE-2001-0942

2001-11-2905:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

oracle

dbsnmp

8.1.6

8.1.7

vulnerability

program execution

cve-2001-0942

nvd

7.1 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

25.3%

JSON

dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp.

CPENameOperatorVersion
oracle:database_serveroracle database servereq8.1.7
oracle:database_serveroracle database servereq8.1.6

CPE	Name	Operator	Version
oracle:database_server	oracle database server	eq	8.1.7
oracle:database_server	oracle database server	eq	8.1.6

References

otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf

seclists.org/lists/bugtraq/2001/Dec/0000.html

www.securityfocus.com/bid/3137

exchange.xforce.ibmcloud.com/vulnerabilities/7645

7.1 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

25.3%

JSON