CVE-1999-0888
published 1999-08-16CVE-1999-0888: dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the…
medium4.6CVSS 3.1
AVLACLAuNCPIPAP
EXPLOIT
dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | database_server | — | — |
| oracle | database_server | — | — |
| oracle | oracle8i | — | — |
| oracle | oracle8i | — | — |
| oracle | oracle8i | — | — |
| oracle | oracle8i | — | — |
| oracle | oracle8i | — | — |
No detection rules found.
Exploit-DB
Oracle 8 8.1.5 - Intelligent Agent (1)
exploitdb·1999-08-16
CVE-1999-0888 Oracle 8 8.1.5 - Intelligent Agent (1)
Oracle 8 8.1.5 - Intelligent Agent (1)
---
source: https://www.securityfocus.com/bid/585/info
A vulnerability in the Oracle Intelligent Agent allows local malicious users to execute arbitrary commands and to create world writable files as the root user.
The problem lies in the dbsnmp program located in $ORACLE_HOME/bin . This setuid root and setgid dba program trusts the environment variable ORACLE_HOME without verifying its contents. This vulnerability can be exploited in a number of ways.
The dbsnmp program calls a tcl script ( nmiconf.tcl ) located by default in $ORACLE_HOME/network/agent/config. A malicious user can craft his own nmiconf.tcl script and fool the dbsnmp program to execute as root.
When run without ORACLE_HOME being set, dbsnmp will dump two log files out into the c
Exploit-DB
Oracle 8 8.1.5 - Intelligent Agent (2)
exploitdb·1999-08-16
CVE-1999-0888 Oracle 8 8.1.5 - Intelligent Agent (2)
Oracle 8 8.1.5 - Intelligent Agent (2)
---
// source: https://www.securityfocus.com/bid/585/info
A vulnerability in the Oracle Intelligent Agent allows local malicious users to execute arbitrary commands and to create world writable files as the root user.
The problem lies in the dbsnmp program located in $ORACLE_HOME/bin . This setuid root and setgid dba program trusts the environment variable ORACLE_HOME without verifying its contents. This vulnerability can be exploited in a number of ways.
The dbsnmp program calls a tcl script ( nmiconf.tcl ) located by default in $ORACLE_HOME/network/agent/config. A malicious user can craft his own nmiconf.tcl script and fool the dbsnmp program to execute as root.
When run without ORACLE_HOME being set, dbsnmp will dump two log files out into th
No writeups or analysis indexed.
1999-08-16
Published