PT-2004-2611 · Oracle · Oracle 8I+2

Published: 2004-07-30 · Updated: 2017-07-11 · CVE-2004-1707

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Oracle 8i
Oracle 9i
Oracle IAS version 9.0.2.0.1

Description
The issue concerns the dbsnmp and nmo programs in Oracle products on Unix systems. These programs use a default path to find and execute library files while operating at raised privileges. This allows certain Oracle user accounts to gain root privileges by modifying the libclntsh.so.9.0 library file.

Recommendations
For Oracle 8i, update the configuration to use a secure path for library files. For Oracle 9i, modify the privileges of the affected Oracle user accounts to prevent them from executing the vulnerable library files. For Oracle IAS version 9.0.2.0.1, restrict access to the libclntsh.so.9.0 library file to prevent modification by unauthorized users.
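
A defensive check for the condition described above, as an added example that is not part of the original advisory or any Oracle tooling: it reports when dbsnmp or nmo is setuid root while libclntsh.so.9.0 or its directory can be modified by an account other than root. The `$ORACLE_HOME/bin` and `$ORACLE_HOME/lib` layout, the reading of "raised privileges" as setuid root, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a privileged program's library.

# Print PATH if it is setuid and owned by root (a symlink argument is followed).
is_setuid_root() {
    find -H "$1" -prune -user root -perm -4000 -print 2>/dev/null
}

# Print PATH if it is not owned by OWNER or is group- or world-writable.
loose_perms() {
    find -H "$1" -prune \( ! -user "$2" -o -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# audit_library LIB [OWNER]: check the library file and its directory.
# Returns 0 when both are writable only by OWNER (default root), 1 otherwise.
audit_library() {
    lib=$1
    owner=${2:-root}
    findings=0
    for p in "$lib" "$(dirname "$lib")"; do
        if [ -n "$(loose_perms "$p" "$owner")" ]; then
            echo "FINDING: $p can be modified by an account other than $owner"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Assumed layout: programs in $ORACLE_HOME/bin, library in $ORACLE_HOME/lib.
if [ -n "${ORACLE_HOME:-}" ]; then
    for prog in dbsnmp nmo; do
        if [ -n "$(is_setuid_root "$ORACLE_HOME/bin/$prog")" ]; then
            echo "$ORACLE_HOME/bin/$prog is setuid root; checking its client library"
            audit_library "$ORACLE_HOME/lib/libclntsh.so.9.0" root || true
        fi
    done
fi
```

Only the library file and its immediate directory are checked; parent directories further up the path deserve the same review.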

Exploit

Fix


Related identifiers

CVE-2004-1707

Affected products

Oracle 8I
Oracle 9I
Oracle Ias