Vulnerability Description
dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Database Server | 8.0.5 |
References
- http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf
- http://seclists.org/lists/bugtraq/2001/Dec/0001.html
- http://www.securityfocus.com/archive/1/201020ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/3129PatchVendor Advisory
- http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf
- http://seclists.org/lists/bugtraq/2001/Dec/0001.html
- http://www.securityfocus.com/archive/1/201020ExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/3129PatchVendor Advisory
FAQ
What is CVE-2001-0943?
CVE-2001-0943 is a vulnerability with a CVSS score of 7.2 (HIGH). dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary ...
How severe is CVE-2001-0943?
CVE-2001-0943 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0943?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Database Server.