Lucene search

MitreCVE-2001-1041

HistoryFeb 02, 2002 - 5:00 a.m.

CVE-2001-1041

2002-02-0205:00:00

mitre

web.nvd.nist.gov

oracle

cve-2001-1041

symlink attack

overwrite files

oracle 8.0.x

oracle 8.1.x

oracle 9.0.1

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

28.5%

JSON

oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable.

Affected configurations

Nvd

Node

oracledatabase_serverMatch8.0

oracledatabase_serverMatch8.1

oracledatabase_serverMatch9.0.1

VendorProductVersionCPE
oracledatabase_server8.0cpe:2.3:a:oracle:database_server:8.0:*:*:*:*:*:*:*
oracledatabase_server8.1cpe:2.3:a:oracle:database_server:8.1:*:*:*:*:*:*:*
oracledatabase_server9.0.1cpe:2.3:a:oracle:database_server:9.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	database_server	8.0	cpe:2.3:a:oracle:database_server:8.0:::::::*
oracle	database_server	8.1	cpe:2.3:a:oracle:database_server:8.1:::::::*
oracle	database_server	9.0.1	cpe:2.3:a:oracle:database_server:9.0.1:::::::*

References

marc.info/?l=bugtraq&m=100395579811880&w=2

marc.info/?l=bugtraq&m=99677282117387&w=2

otn.oracle.com/deploy/security/pdf/oracle_race.pdf

www.securityfocus.com/bid/3135

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.3

Confidence

Low

EPSS

0.001

Percentile

28.5%

JSON

Related for CVE-2001-1041