PT-2001-2096 · Oracle · Oracle

Published 2001-08-31 · Updated 2008-09-05 · CVE-2001-0943

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Oracle versions 8.0.5 and 8.1.5

Description

The issue allows local users to execute arbitrary code under certain conditions. The cause is that dbsnmp in Oracle trusts the PATH environment variable to find and execute the chown or chgrp commands. A local user can modify PATH to point to Trojan horse programs, enabling the execution of arbitrary code.

Recommendations

For Oracle version 8.0.5, consider restricting access to dbsnmp until a fix is available. For Oracle version 8.1.5, avoid using the PATH environment variable to execute the chown or chgrp commands until the issue is resolved. As a temporary workaround, consider setting the PATH environment variable to a known safe value to minimize the risk of exploitation.
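
The recommendation above, as an added C example that is not Oracle's code and not part of the original advisory: a privileged helper runs chown by absolute path with a fixed environment, so the caller's PATH never selects the binary. The names run_fixed and chown_file and the /bin/chown location are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment handed to the child; the caller's PATH is never inherited. */
static char *const SAFE_ENV[] = { "PATH=/usr/bin:/bin", NULL };

/* Run an absolute-path program with SAFE_ENV.
 * Returns the child's exit status, or -1 on refusal or failure. */
int run_fixed(const char *prog, char *const argv[])
{
    if (prog == NULL || prog[0] != '/')   /* a bare name would need a PATH search */
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(prog, argv, SAFE_ENV);     /* execve never consults PATH */
        _exit(127);                       /* exec failed */
    }

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Hypothetical helper: change ownership without system("chown ...").
 * CHOWN_PATH is an assumed location; adjust for the platform. */
#define CHOWN_PATH "/bin/chown"

int chown_file(const char *owner, const char *file)
{
    char *const argv[] = { "chown", "--", (char *)owner, (char *)file, NULL };
    return run_fixed(CHOWN_PATH, argv);
}

int main(void)
{
    /* Constructed demonstration: the caller's PATH is untrusted, the child's is not. */
    setenv("PATH", "/tmp/constructed-untrusted:/usr/bin", 1);
    char *const argv[] = { "sh", "-c", "[ \"$PATH\" = /usr/bin:/bin ]", NULL };
    printf("child saw fixed PATH: %s\n", run_fixed("/bin/sh", argv) == 0 ? "yes" : "no");
    return 0;
}
```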


Related Identifiers

CVE-2001-0943

Affected Products

Oracle