CVE-2000-0206
published 2000-03-05CVE-2000-0206: The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to…
PriorityP415medium6.2CVSS 2.0
AVLACHAuNCCICAC
EXPLOIT
EPSS
1.07%
60.6th percentile
The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | oracle8i | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft NetDDE Service - Remote Overflow (MS04-031) (Metasploit)
exploitdb·2010-07-03
CVE-2004-0206 Microsoft NetDDE Service - Remote Overflow (MS04-031) (Metasploit)
Microsoft NetDDE Service - Remote Overflow (MS04-031) (Metasploit)
---
##
# $Id: ms04_031_netdde.rb 9669 2010-07-03 03:13:45Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Microsoft NetDDE Service Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in the NetDDE service, which is the
precursor to the DCOM interface. This exploit effects only operating systems
released prior to Windows XP SP1 (2000 SP4, XP SP0). Despite Microsoft's claim
that this vulnerability can be exploited without authentication, the N
Exploit-DB
Oracle8i Standard Edition 8.1.5 for Linux Installer - Local Privilege Escalation
exploitdb·2000-03-05
CVE-2000-0206 Oracle8i Standard Edition 8.1.5 for Linux Installer - Local Privilege Escalation
Oracle8i Standard Edition 8.1.5 for Linux Installer - Local Privilege Escalation
---
source: https://www.securityfocus.com/bid/1035/info
A vulnerability exists in the installation program for Oracle 8.1.5i. The Oracle installation scripts will create a directory named /tmp/orainstall, owned by oracle:dba, mode 711. Inside of this directory it will create a shell script named orainstRoot.sh, mode 777. The installation script will then stop and ask the person installing to run this script. The installation program at no point attempts to determine if the directory or script already exist. This makes it possible to create a symbolic link from the orainstRoot.sh file to elsewhere on the file system. This could be used to create a .rhosts file, for instance, and gain access to the root accou
No writeups or analysis indexed.
2000-03-05
Published