CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
26.5%
dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs.
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | database_server | 8.0.5 | cpe:2.3:a:oracle:database_server:8.0.5:*:*:*:*:*:*:* |
oracle | database_server | 8.1.5 | cpe:2.3:a:oracle:database_server:8.1.5:*:*:*:*:*:*:* |