Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental variable, aka the Oracle File Overwrite Security Vulnerability.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Database_server | Oracle | * | 9.0.1 (including) |
| Database_server | Oracle | 8.0 (including) | 8.0 (including) |
| Database_server | Oracle | 8.1 (including) | 8.1 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=100386756715645\u0026w=2
- http://otn.oracle.com/deploy/security/pdf/oracle_race.pdf
- http://marc.info/?l=bugtraq\u0026m=100386756715645\u0026w=2
- http://otn.oracle.com/deploy/security/pdf/oracle_race.pdf