CVE-2001-0943
First published: Fri Aug 31 2001(Updated: )
dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Database | =8.0.5 | |
| Oracle Database | =8.1.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-0943?
CVE-2001-0943 is considered a high-severity vulnerability due to its potential for arbitrary code execution.
How do I fix CVE-2001-0943?
To fix CVE-2001-0943, ensure that the PATH environment variable does not include directories that contain untrusted or malicious executables.
Which versions of Oracle Database are affected by CVE-2001-0943?
CVE-2001-0943 affects Oracle Database versions 8.0.5 and 8.1.5.
What type of attack is associated with CVE-2001-0943?
CVE-2001-0943 is associated with local privilege escalation attacks through the execution of Trojan Horse programs.
Who is primarily affected by CVE-2001-0943?
Local users with access to modify the environment variables are primarily affected by CVE-2001-0943.
- agent/references
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/oracle
- product/database server
- canonical/oracle database server
- canonical/oracle database
- version/oracle database/8.0.5
- version/oracle database/8.1.5