Vulnerability 3141 - CERT Civis.Net

Vulnerability Name:

CCN-3141

Published:

1999-08-23

Updated:

1999-08-23

Summary:

Oracle can be tricked into reading rogue configuration files via trusted environment variables. 'dbsnmp' then opens a 'trace' file that is owned by root and created with mode 666. This file can be linked out.

The second vulnerability again depends on trusted environment variables. 'dbsnmp' will execute rogue TCL scripts if environment variables are manipulated correctly.

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Consequences:

Gain Privileges

References:

Source: CCN
Type: Internet Security Systems Security Alert #36
Additional Root Compromise Vulnerabilities in Oracle 8

Source: CCN
Type: Oracle Web site
Oracle Support Services

Source: XF
Type: UNKNOWN
oracle-dbsnmp-trace(3141)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:oracle:database_server:8.1.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:8.0.5:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:7.3.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:7.3.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:8.0.3:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:8.0.4:*:*:*:*:*:*:*

OR cpe:/a:oracle:database_server:8.0.5.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK