CVE-2000-0818

Name of the Vulnerable Software and Affected Versions Oracle listener program versions 7.3.4, 8.0.6, 8.1.6

Description The default installation of the Oracle listener program allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC FILE or SET LOG FILE commands.

Recommendations For versions 7.3.4, 8.0.6, and 8.1.6, consider restricting access to the SET TRC FILE and SET LOG FILE commands to prevent arbitrary file appending and command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.