PT-2000-1747 · Oracle · Oracle Listener

Published

2000-12-19

Updated

2017-10-10

CVE-2000-0818

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle listener program versions 7.3.4, 8.0.6, 8.1.6

Description The default installation of the Oracle listener program allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC FILE or SET LOG FILE commands.

Recommendations For versions 7.3.4, 8.0.6, and 8.1.6, consider restricting access to the SET TRC FILE and SET LOG FILE commands to prevent arbitrary file appending and command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2000-0818

Affected Products

Oracle Listener

PT-2000-1747 · Oracle · Oracle Listener

CVE-2000-0818

Related Identifiers

Affected Products

References · 4