PT-2001-2096 · Oracle · Oracle

Published: 2001-08-31 · Updated: 2008-09-05 · CVE-2001-0943

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Oracle versions 8.0.5 and 8.1.5

Description

The issue allows local users to execute arbitrary code under certain conditions. The cause is that dbsnmp in Oracle trusts the PATH environment variable to find and execute the chown or chgrp commands. A local user can modify PATH to point to Trojan horse programs, enabling the execution of arbitrary code.

Recommendations

For Oracle version 8.0.5, consider restricting access to dbsnmp until a fix is available. For Oracle version 8.1.5, avoid using the PATH environment variable to execute the chown or chgrp commands until the issue is resolved. As a temporary workaround, consider setting the PATH environment variable to a known safe value to minimize the risk of exploitation.
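
The general fix pattern for this class of flaw, as an added C example (not Oracle's code and not part of the original entry): a helper is run by absolute path through execve() with a freshly built environment, so the caller's PATH is never consulted. The names run_trusted and SAFE_PATH, the chosen search path, and the use of /bin/sh as a stand-in for chown/chgrp are assumptions made for the demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: a fixed, root-owned search path chosen for this example. */
#define SAFE_PATH "PATH=/usr/bin:/bin"

/*
 * Run a helper without trusting the caller's environment.
 * Returns the helper's exit status (127 if it could not be executed),
 * or -1 if the request was refused or the child did not exit normally.
 */
int run_trusted(const char *abs_path, char *const argv[])
{
    /* Fresh environment: nothing is inherited (PATH, IFS, LD_* are dropped). */
    char *const clean_env[] = { SAFE_PATH, NULL };
    int status;
    pid_t pid;

    /* Refuse bare names such as "chown": they would need a PATH lookup. */
    if (abs_path == NULL || abs_path[0] != '/')
        return -1;

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* execve() takes the path literally; execvp()/system() search PATH. */
        execve(abs_path, argv, clean_env);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed demo: simulate a caller-controlled PATH, then check that
       the child sees only SAFE_PATH. /bin/sh stands in for chown/chgrp. */
    char *const probe[] = { "sh", "-c", "test \"$PATH\" = /usr/bin:/bin", NULL };
    char *const bare[]  = { "chown", "--version", NULL };

    setenv("PATH", "/tmp/untrusted", 1);
    printf("clean PATH in child: %s\n", run_trusted("/bin/sh", probe) == 0 ? "yes" : "no");
    printf("bare name refused:   %s\n", run_trusted("chown", bare) == -1 ? "yes" : "no");
    return 0;
}
```
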


Related identifiers

CVE-2001-0943

Affected products

Oracle