CVE-2004-1707

Published: 30/07/2004 Updated: 11/07/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.

Vulnerable Product

oracle application server 1.0.2.2.2

oracle application server 9.0.2

oracle application server 9.0.3.1

oracle application server portal 3.0.9.8.5

oracle oracle8i enterprise_8.0.5_.0.0

oracle oracle8i enterprise_8.0.6_.0.0

oracle oracle8i enterprise_8.0.6_.0.1

oracle oracle8i enterprise_8.1.7_.1.0

oracle oracle8i standard_8.0.6

oracle oracle8i standard_8.1.7_.4

oracle oracle9i client_9.2.0.1

oracle oracle9i enterprise_9.2.0.3

oracle oracle9i enterprise_9.2.0.4

oracle oracle9i personal_9.2.0.2

oracle oracle9i personal_9.2.0.3

oracle oracle9i standard_9.0.1.5

oracle oracle9i standard_9.0.2

oracle application server

oracle application server 1.0.2

oracle application server 9.0.2.1

oracle application server 9.0.2.2

oracle application server portal 9.0.2.3b

oracle database server lite 5.0

oracle oracle8i enterprise_8.1.5_.1.0

oracle oracle8i enterprise_8.1.6_.0.0

oracle oracle8i standard_8.1.6

oracle oracle8i standard_8.1.7

oracle oracle9i enterprise_9.0.1.4

oracle oracle9i enterprise_9.0.1.5

oracle oracle9i personal_9.0.1.4

oracle oracle9i personal_9.0.1.5

oracle oracle9i standard_9.0.1

oracle oracle9i standard_9.0.1.2

oracle oracle9i standard_9.2.0.2

oracle oracle9i standard_9.2.0.3

oracle oracle9i standard_9.2.0.4

oracle application server 1.0.2.1s

oracle application server 1.0.2.2

oracle application server 9.0.2.3

oracle application server 9.0.3

oracle database server lite 5.0.1

oracle database server lite 5.0.2

oracle oracle8i enterprise_8.1.6_.1.0

oracle oracle8i enterprise_8.1.7_.0.0

oracle oracle8i standard_8.1.7_.0.0

oracle oracle8i standard_8.1.7_.1

oracle oracle9i enterprise_9.2.0

oracle oracle9i enterprise_9.2.0.1

oracle oracle9i enterprise_9.2.0.2

oracle oracle9i personal_9.2

oracle oracle9i personal_9.2.0.1

oracle oracle9i standard_9.0.1.3

oracle oracle9i standard_9.0.1.4

oracle oracle9i standard_9.2.3

oracle application server 9.0.2.0.0

oracle application server 9.0.2.0.1

oracle application server portal 9.0.2.3

oracle application server portal 9.0.2.3a

oracle oracle8i enterprise_8.1.5_.0.0

oracle oracle8i enterprise_8.1.5_.0.2

oracle oracle8i standard_8.0.6_.3

oracle oracle8i standard_8.1.5

oracle oracle9i client_9.2.0.2

oracle oracle9i enterprise_9.0.1

oracle oracle9i personal_8.1.7

oracle oracle9i personal_9.0.1

oracle oracle9i personal_9.2.0.4

oracle oracle9i standard_9.0

oracle oracle9i standard_9.2

oracle oracle9i standard_9.2.0.1

Exploits

source: www.securityfocus.com/bid/10829/info

Oracle database implementations are reportedly prone to a default library directory privilege escalation vulnerability. This issue arises due to a default configuration error that will permit the attacker to replace libraries required by setuid root applications with arbitrary code. This issue w ...