Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:1106
HistoryDec 22, 2000 - 12:00 a.m.

vulnerability #1 in Oracle Internet Directory 2.1.1.1 in Oracle 8.1.7

2000-12-2200:00:00
vulners.com
28
JSON
                  WWW.PLAZASITE.COM
              System & Security Division

Title: Vulnerability in oidldapd in Oracle 8.1.7
Date: 10-12-2000
Platform: Only tested in Linux, but can be exported to others.
Impact: Any user gain euid=root.
Author: Juan Manuel Pascual ([email protected])
Status: Vendor Contacted answers received. Details Below

OVERVIEW:
oidldapd is a Oracle Internet Directory. Oracle Ldap Daemon. The
actual version is 2.1.1.1

PROBLEM SUMMARY:
There is a buffer overflow in oidldapd that can be use by local
users to obtain euid of root user. Easy for user oracle.

IMPACT:
Any user with local access, can gain euid= root.

SOLUTION:
Chmod -s ;-)))).

STATUS:
Vendor was contacted 10-Dec-2000. They point me to metalink site
then all to metalink site ;-)

This vulnerability was researched by:
Juan Manuel Pascual Escriba [email protected]

            " In God We trust, Others We monitor "

    -------------------------------------------------------------
     Juan Manuel Pascual Escribб        Administrador de Sistemas
     PlazaSite S.A.                         c/ Tomбs Bretуn 32-38
     08950 Esplugues de Llobregat           (Barcelona),    SPAIN
     Ph: +34 93 3717398                       Fax: +34 93 3711968
     mob: 667591142                     Email: [email protected]
    -------------------------------------------------------------
JSON