CVE-2001-0943 — Uncontrolled Search Path Element in Oracle Database Server
Severity
7.2 HIGH (NVD)
EPSS
0.8%
top 25.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 31
Latest update: Apr 30
Description
dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs.
CVSS vector
AV:L/AC:L/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0