HIGH · 7.2

CVE-2004-1707

Vulnerability Description

The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.

CVSS Score

7.2 (HIGH)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

Affected Products

Vendor | Product | Versions
Oracle | Application Server | All versions
Oracle | Application Server Portal | 3.0.9.8.5
Oracle | Database Server Lite | 5.0
Oracle | Oracle8I | enterprise_8.0.5_.0.0
Oracle | Oracle9I | client_9.2.0.1

References

FAQ

What is CVE-2004-1707?

CVE-2004-1707 is a vulnerability with a CVSS score of 7.2 (HIGH). The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which...

How severe is CVE-2004-1707?

CVE-2004-1707 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-1707?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Application Server, Oracle Application Server Portal, Oracle Database Server Lite, Oracle Oracle8I, Oracle Oracle9I.