Lucene search

[email protected]CVE-2002-0857

HistorySep 05, 2002 - 4:00 a.m.

CVE-2002-0857

2002-09-0504:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2002-0857

oracle

listener control

lsnrctl

format string vulnerabilities

remote code execution

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

82.0%

JSON

Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file.

CPENameOperatorVersion
oracle:oracle8ioracle oracle8ieq8.1
oracle:database_serveroracle database servereq9.2
oracle:database_serveroracle database servereq9.0
oracle:database_serveroracle database servereq7.3.4

CPE	Name	Operator	Version
oracle:oracle8i	oracle oracle8i	eq	8.1
oracle:database_server	oracle database server	eq	9.2
oracle:database_server	oracle database server	eq	9.0
oracle:database_server	oracle database server	eq	7.3.4

References

marc.info/?l=bugtraq&m=102933735716634&w=2

otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf

securitytracker.com/id?1005037

www.kb.cert.org/vuls/id/301059

www.ngssoftware.com/advisories/ora-lsnrfmtstr.txt

www.securityfocus.com/bid/5460

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

82.0%

JSON

Related for CVE-2002-0857

cert1 cvelist1