CVE Vulnerabilities

CVE-2001-0943

Published: Aug 31, 2001 | Modified: Sep 05, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs.

Affected Software

Name Vendor Start Version End Version
Database_server Oracle 8.0.5 8.0.5
Database_server Oracle 8.1.5 8.1.5

References