Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0206 — Oracle Oracle8i vulnerability

5 documents4 sources

Severity

6.2MEDIUMNVD

EPSS

0.2%

top 55.88%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Oracle8i

Timeline

PublishedMar 5

Latest updateApr 30

Description

The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges.

CVSS vector

AV:L/AC:H/C:C/I:C/A:CExploitability: 1.9 | Impact: 10.0

Affected Packages1 packages

▶NVDoracle/oracle8i8.1.5

🔴Vulnerability Details

GHSA

GHSA-mqmj-xph7-4vqh: The installation of Oracle 8↗2022-04-30

▶

CVEList

CVE-2000-0206: The installation of Oracle 8↗2000-04-25

▶

💥Exploits & PoCs

Exploit-DB

Microsoft NetDDE Service - Remote Overflow (MS04-031) (Metasploit)↗2010-07-03

▶

Exploit-DB

Oracle8i Standard Edition 8.1.5 for Linux Installer - Local Privilege Escalation↗2000-03-05

▶