Vulnerability Name:

CVE-2001-0832 (CCN-6940)

Assigned:2001-08-02
Published:2001-08-02
Updated:2016-10-18
Summary:Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental variable, aka the "Oracle File Overwrite Security Vulnerability."
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: BugTraq Mailing List, Thu Aug 02 2001 - 02:57:26 CDT
vulnerability in oracle binary in Oracle 8.0.5 - 8.1.6

Source: CCN
Type: BugTraq Mailing List, Tue Oct 23 2001 - 14:38:46 CDT
FW: ASI Oracle Security Alert: 3 new security alerts

Source: MITRE
Type: CNA
CVE-2001-0832

Source: MITRE
Type: CNA
CVE-2001-1041

Source: BUGTRAQ
Type: UNKNOWN
20011023 FW: ASI Oracle Security Alert: 3 new security alerts

Source: CCN
Type: OracleMetaLink Web site
Metalink Login and Registration

Source: CCN
Type: Oracle Security Alert #20
Oracle File Overwrite Security Vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://otn.oracle.com/deploy/security/pdf/oracle_race.pdf

Source: CCN
Type: CIAC Information Bulletin M-012
Oracle File Overwrite Security Vulnerability

Source: CCN
Type: OSVDB ID: 9458
Oracle Database oracle ORACLE_HOME Variable Log Trace File (.trc) Symlink Arbitrary File Overwrite

Source: CCN
Type: BID-3135
Oracle /tmp Race Condition Vulnerability

Source: XF
Type: UNKNOWN
oracle-binary-symlink(6940)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:database_server:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:*:*:*:*:*:*:*:* (Version <= 9.0.1)

    • Configuration CCN 1:
  • cpe:/a:oracle:database_server:8.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    oracle database server 8.0
    oracle database server 8.1
    oracle database server *
    oracle database server 8.1.5
    oracle database server 8.1.6
    oracle database server 8.0.5
    oracle database server 8.0.6
    oracle database server 9.0.1