Vulnerability Name: | CCN-2166 | ||||||
Published: | 1999-05-07 | ||||||
Updated: | 1999-05-07 | ||||||
Summary: | Several vulnerabilities in the Oracle enterprise database system under Unix operating systems could allow a local attacker to exploit Oracle support programs to compromise the 'oracle' user account. With the privileges of the oracle user account, the attacker could take complete control of databases and the information contained therein. | ||||||
CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||
CVSS v2 Severity: | 4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||
Vulnerability Consequences: | Gain Privileges | ||||||
References: | Source: CCN Type: Internet Security Systems Security Alert #26 Multiple File System Vulnerabilities in Oracle 8 Source: CCN Type: Oracle MetaLink Web site Oracle MetaLink Source: CCN Type: BID-170 Oracle 8 File Access Vulnerabilities Source: XF Type: UNKNOWN oracle-unix-symlinks(2166) | ||||||
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
BACK |