CVE-2001-0942Uncontrolled Search Path Element in Oracle Database Server

CWE-427Uncontrolled Search Path Element4 documents4 sources
Severity
4.6MEDIUMNVD
EPSS
0.3%
top 46.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Database Server
Timeline
PublishedNov 29
Latest updateApr 30

Description

dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

NVDoracle/database_server8.1.6, 8.1.7+1

Patches

Patch: otn.oracle.comPatch: otn.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-r7g3-hhch-8xf3: dbsnmp in Oracle 82022-04-30
CVEList
CVE-2001-0942: dbsnmp in Oracle 82002-02-02

📐Framework References

1
CWE
Uncontrolled Search Path Element
CVE-2001-0942 — Uncontrolled Search Path Element | cvebase