CVE-2001-1041 — Oracle Database Server vulnerability

4 documents4 sources

Severity

2.1LOWNVD

EPSS

0.3%

top 47.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Database Server

Timeline

PublishedAug 31

Latest updateApr 30

Description

oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDoracle/database_server8.0, 8.1, 9.0.1+2

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-9vgr-jp8f-r9m7: oracle program in Oracle 8↗2022-04-30

▶

CVEList

CVE-2001-1041: oracle program in Oracle 8↗2002-02-02

▶

💥Exploits & PoCs

Exploit-DB

Solaris 2.x/7.0/8 - Xsun HOME Buffer Overflow↗2001-04-10

▶