CVE-2004-1707
First published: Fri Jul 30 2004(Updated: )
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle 8i | =standard_8.1.7_.4 | |
| Oracle Oracle9i | =standard_9.0.2 | |
| Oracle Oracle9i | =standard_9.0.1.4 | |
| Oracle Application Server | =9.0.2.1 | |
| Oracle 8i | =enterprise_8.1.6_.0.0 | |
| Oracle Oracle9i | =personal_8.1.7 | |
| Oracle Database Lite | =5.0 | |
| Oracle Application Server | ||
| Oracle Oracle9i | =client_9.2.0.2 | |
| Oracle Application Server | =9.0.2.0.0 | |
| Oracle Oracle9i | =client_9.2.0.1 | |
| Oracle Oracle9i | =personal_9.2.0.1 | |
| Oracle Oracle9i | =personal_9.2.0.2 | |
| Oracle 8i | =standard_8.0.6 | |
| Oracle 8i | =enterprise_8.1.5_.1.0 | |
| Oracle Oracle9i | =personal_9.0.1.5 | |
| Oracle 8i | =standard_8.1.6 | |
| Oracle Oracle9i | =standard_9.0.1 | |
| Oracle Oracle9i | =standard_9.2.0.3 | |
| Oracle Oracle9i | =enterprise_9.2.0.2 | |
| Oracle Application Server Portal | =9.0.2.3b | |
| Oracle Oracle9i | =enterprise_9.2.0.4 | |
| Oracle Oracle9i | =enterprise_9.0.1.5 | |
| Oracle Oracle9i | =personal_9.2 | |
| Oracle Oracle9i | =standard_9.0 | |
| Oracle Application Server | =9.0.2.3 | |
| Oracle Oracle9i | =standard_9.2.0.1 | |
| Oracle Application Server | =9.0.2.0.1 | |
| Oracle Oracle9i | =standard_9.2 | |
| Oracle Application Server Portal | =3.0.9.8.5 | |
| Oracle Database Lite | =5.0.1 | |
| Oracle Oracle9i | =enterprise_9.0.1 | |
| Oracle Oracle9i | =standard_9.0.1.2 | |
| Oracle Oracle9i | =standard_9.2.0.4 | |
| Oracle Oracle9i | =enterprise_9.2.0 | |
| Oracle 8i | =standard_8.1.7_.1 | |
| Oracle Application Server Portal | =9.0.2.3 | |
| Oracle Database Lite | =5.0.2 | |
| Oracle 8i | =enterprise_8.1.7_.1.0 | |
| Oracle 8i | =enterprise_8.1.5_.0.2 | |
| Oracle 8i | =enterprise_8.1.6_.1.0 | |
| Oracle Application Server Portal | =9.0.2.3a | |
| Oracle Application Server | =9.0.2.2 | |
| Oracle Application Server | =1.0.2.2.2 | |
| Oracle Application Server | =1.0.2.1s | |
| Oracle Application Server | =9.0.2 | |
| Oracle Oracle9i | =personal_9.0.1 | |
| Oracle 8i | =enterprise_8.1.7_.0.0 | |
| Oracle 8i | =standard_8.0.6_.3 | |
| Oracle Oracle9i | =standard_9.0.1.3 | |
| Oracle Application Server | =9.0.3 | |
| Oracle Oracle9i | =personal_9.2.0.4 | |
| Oracle 8i | =standard_8.1.7_.0.0 | |
| Oracle Oracle9i | =standard_9.2.0.2 | |
| Oracle Application Server | =9.0.3.1 | |
| Oracle Oracle9i | =enterprise_9.2.0.3 | |
| Oracle Oracle9i | =standard_9.2.3 | |
| Oracle Oracle9i | =personal_9.0.1.4 | |
| Oracle Oracle9i | =personal_9.2.0.3 | |
| Oracle 8i | =enterprise_8.0.6_.0.0 | |
| Oracle 8i | =enterprise_8.1.5_.0.0 | |
| Oracle Oracle9i | =enterprise_9.2.0.1 | |
| Oracle Application Server | =1.0.2.2 | |
| Oracle 8i | =standard_8.1.7 | |
| Oracle Oracle9i | =standard_9.0.1.5 | |
| Oracle 8i | =enterprise_8.0.6_.0.1 | |
| Oracle 8i | =enterprise_8.0.5_.0.0 | |
| Oracle 8i | =standard_8.1.5 | |
| Oracle Application Server | =1.0.2 | |
| Oracle Oracle9i | =enterprise_9.0.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-1707?
CVE-2004-1707 is considered to be a critical vulnerability due to its potential to allow unauthorized users to gain root privileges.
How do I fix CVE-2004-1707?
To fix CVE-2004-1707, it is recommended to update to a patched version of the affected Oracle software or adjust the library paths used by the dbsnmp and nmo programs to prevent the execution of modified libraries.
Which software is affected by CVE-2004-1707?
CVE-2004-1707 affects Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1 on Unix systems.
What impact does CVE-2004-1707 have on system security?
The impact of CVE-2004-1707 on system security is severe, as it allows certain Oracle user accounts to execute code with root privileges.
Is there a workaround for CVE-2004-1707?
Yes, as a workaround for CVE-2004-1707, users can modify the environment to limit the access to the library files utilized by Oracle's dbsnmp and nmo programs.
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/oracle
- canonical/oracle 8i
- version/oracle 8i/standard_8.1.7_.4
- canonical/oracle oracle9i
- version/oracle oracle9i/standard_9.0.2
- version/oracle oracle9i/standard_9.0.1.4
- canonical/oracle application server
- version/oracle application server/9.0.2.1
- version/oracle 8i/enterprise_8.1.6_.0.0
- version/oracle oracle9i/personal_8.1.7
- canonical/oracle database lite
- version/oracle database lite/5.0
- version/oracle oracle9i/client_9.2.0.2
- version/oracle application server/9.0.2.0.0
- version/oracle oracle9i/client_9.2.0.1
- version/oracle oracle9i/personal_9.2.0.1
- version/oracle oracle9i/personal_9.2.0.2
- version/oracle 8i/standard_8.0.6
- version/oracle 8i/enterprise_8.1.5_.1.0
- version/oracle oracle9i/personal_9.0.1.5
- version/oracle 8i/standard_8.1.6
- version/oracle oracle9i/standard_9.0.1
- version/oracle oracle9i/standard_9.2.0.3
- version/oracle oracle9i/enterprise_9.2.0.2
- canonical/oracle application server portal
- version/oracle application server portal/9.0.2.3b
- version/oracle oracle9i/enterprise_9.2.0.4
- version/oracle oracle9i/enterprise_9.0.1.5
- version/oracle oracle9i/personal_9.2
- version/oracle oracle9i/standard_9.0
- version/oracle application server/9.0.2.3
- version/oracle oracle9i/standard_9.2.0.1
- version/oracle application server/9.0.2.0.1
- version/oracle oracle9i/standard_9.2
- version/oracle application server portal/3.0.9.8.5
- version/oracle database lite/5.0.1
- version/oracle oracle9i/enterprise_9.0.1
- version/oracle oracle9i/standard_9.0.1.2
- version/oracle oracle9i/standard_9.2.0.4
- version/oracle oracle9i/enterprise_9.2.0
- version/oracle 8i/standard_8.1.7_.1
- version/oracle application server portal/9.0.2.3
- version/oracle database lite/5.0.2
- version/oracle 8i/enterprise_8.1.7_.1.0
- version/oracle 8i/enterprise_8.1.5_.0.2
- version/oracle 8i/enterprise_8.1.6_.1.0
- version/oracle application server portal/9.0.2.3a
- version/oracle application server/9.0.2.2
- version/oracle application server/1.0.2.2.2
- version/oracle application server/1.0.2.1s
- version/oracle application server/9.0.2
- version/oracle oracle9i/personal_9.0.1
- version/oracle 8i/enterprise_8.1.7_.0.0
- version/oracle 8i/standard_8.0.6_.3
- version/oracle oracle9i/standard_9.0.1.3
- version/oracle application server/9.0.3
- version/oracle oracle9i/personal_9.2.0.4
- version/oracle 8i/standard_8.1.7_.0.0
- version/oracle oracle9i/standard_9.2.0.2
- version/oracle application server/9.0.3.1
- version/oracle oracle9i/enterprise_9.2.0.3
- version/oracle oracle9i/standard_9.2.3
- version/oracle oracle9i/personal_9.0.1.4
- version/oracle oracle9i/personal_9.2.0.3
- version/oracle 8i/enterprise_8.0.6_.0.0
- version/oracle 8i/enterprise_8.1.5_.0.0
- version/oracle oracle9i/enterprise_9.2.0.1
- version/oracle application server/1.0.2.2
- version/oracle 8i/standard_8.1.7
- version/oracle oracle9i/standard_9.0.1.5
- version/oracle 8i/enterprise_8.0.6_.0.1
- version/oracle 8i/enterprise_8.0.5_.0.0
- version/oracle 8i/standard_8.1.5
- version/oracle application server/1.0.2
- version/oracle oracle9i/enterprise_9.0.1.4