oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle database server 8.1 |
||
oracle database server 9.0.1 |
||
oracle database server 8.0 |