Lucene search

MitreCVE-2001-0943

HistoryFeb 02, 2002 - 5:00 a.m.

CVE-2001-0943

2002-02-0205:00:00

mitre

web.nvd.nist.gov

oracle

dbsnmp

path environment

trojan horse

arbitrary code

cve-2001-0943

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

26.5%

JSON

dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs.

Affected configurations

Nvd

Node

oracledatabase_serverMatch8.0.5

oracledatabase_serverMatch8.1.5

VendorProductVersionCPE
oracledatabase_server8.0.5cpe:2.3:a:oracle:database_server:8.0.5:*:*:*:*:*:*:*
oracledatabase_server8.1.5cpe:2.3:a:oracle:database_server:8.1.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	database_server	8.0.5	cpe:2.3:a:oracle:database_server:8.0.5:::::::*
oracle	database_server	8.1.5	cpe:2.3:a:oracle:database_server:8.1.5:::::::*

References

otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf

seclists.org/lists/bugtraq/2001/Dec/0001.html

www.securityfocus.com/archive/1/201020

www.securityfocus.com/bid/3129

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

26.5%

JSON

Related for CVE-2001-0943