Vulnerability Name: | CVE-2001-1041 (CCN-6940) | ||||||||
Assigned: | 2001-08-02 | ||||||||
Published: | 2001-08-02 | ||||||||
Updated: | 2016-10-18 | ||||||||
Summary: | oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable. | ||||||||
CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | File Manipulation | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Thu Aug 02 2001 - 02:57:26 CDT vulnerability in oracle binary in Oracle 8.0.5 - 8.1.6 Source: CCN Type: BugTraq Mailing List, Tue Oct 23 2001 - 14:38:46 CDT FW: ASI Oracle Security Alert: 3 new security alerts Source: MITRE Type: CNA CVE-2001-0832 Source: MITRE Type: CNA CVE-2001-1041 Source: BUGTRAQ Type: UNKNOWN 20011024 Oracle File Overwrite Security Vulnerability Source: BUGTRAQ Type: UNKNOWN 20010802 vulnerability in oracle binary in Oracle 8.0.5 - 8.1.6 Source: CCN Type: OracleMetaLink Web site Metalink Login and Registration Source: CCN Type: Oracle Security Alert #20 Oracle File Overwrite Security Vulnerability Source: CONFIRM Type: UNKNOWN http://otn.oracle.com/deploy/security/pdf/oracle_race.pdf Source: CCN Type: CIAC Information Bulletin M-012 Oracle File Overwrite Security Vulnerability Source: CCN Type: OSVDB ID: 9458 Oracle Database oracle ORACLE_HOME Variable Log Trace File (.trc) Symlink Arbitrary File Overwrite Source: BID Type: Patch, Vendor Advisory 3135 Source: CCN Type: BID-3135 Oracle /tmp Race Condition Vulnerability Source: XF Type: UNKNOWN oracle-binary-symlink(6940) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |