Vulnerability Description
dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp.
CVSS Score
4.6 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Database Server | 8.1.6 |
References
- http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf (Patch, Vendor Advisory)
- http://seclists.org/lists/bugtraq/2001/Dec/0000.html
- http://www.securityfocus.com/bid/3137
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7645
FAQ
What is CVE-2001-0942?
CVE-2001-0942 is a vulnerability with a CVSS score of 4.6 (MEDIUM). dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to...
How severe is CVE-2001-0942?
CVE-2001-0942 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0942?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Database Server.