PT-2001-2187 · Oracle · Oracle

Published: 2001-08-31 · Updated: 2016-10-18 · CVE-2001-1041

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Oracle versions 8.0.x through 9.0.1

Description

The issue allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file. This is possible because the program creates the log file in an alternate home directory identified by the ORACLE_HOME environment variable.

Recommendations

For Oracle versions 8.0.x through 9.0.1, consider restricting access to the ORACLE_HOME environment variable to minimize the risk of exploitation. As a temporary workaround, avoid using the Oracle log trace (.trc) file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2001-1041

Affected Products

Oracle