Lucene search

[email protected]NVD:CVE-2001-0943

HistoryAug 31, 2001 - 4:00 a.m.

CVE-2001-0943

2001-08-3104:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

26.5%

JSON

dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs.

Affected configurations

Nvd

Node

oracledatabase_serverMatch8.0.5

oracledatabase_serverMatch8.1.5

VendorProductVersionCPE
oracledatabase_server8.0.5cpe:2.3:a:oracle:database_server:8.0.5:*:*:*:*:*:*:*
oracledatabase_server8.1.5cpe:2.3:a:oracle:database_server:8.1.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	database_server	8.0.5	cpe:2.3:a:oracle:database_server:8.0.5:::::::*
oracle	database_server	8.1.5	cpe:2.3:a:oracle:database_server:8.1.5:::::::*

References

otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf

seclists.org/lists/bugtraq/2001/Dec/0001.html

www.securityfocus.com/archive/1/201020

www.securityfocus.com/bid/3129

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

26.5%

JSON

Related for NVD:CVE-2001-0943

cvelist1 cve1