7.2

CVE-2004-1707

Exploit

The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.

Data is provided by the National Vulnerability Database (NVD)
OracleApplication Server Version1.0.2
OracleApplication Server Version1.0.2.1s
OracleApplication Server Version1.0.2.2
OracleApplication Server Version1.0.2.2.2
OracleApplication Server Version9.0.2
OracleApplication Server Version9.0.2.0.0
OracleApplication Server Version9.0.2.0.1
OracleApplication Server Version9.0.2.1
OracleApplication Server Version9.0.2.2
OracleApplication Server Version9.0.2.3
OracleApplication Server Version9.0.3
OracleApplication Server Version9.0.3.1
OracleApplication Server Portal Version3.0.9.8.5
OracleApplication Server Portal Version9.0.2.3
OracleApplication Server Portal Version9.0.2.3a
OracleApplication Server Portal Version9.0.2.3b
OracleDatabase Server Lite Version5.0
OracleDatabase Server Lite Version5.0.1
OracleDatabase Server Lite Version5.0.2
OracleOracle8i Versionenterprise_8.0.5_.0.0
OracleOracle8i Versionenterprise_8.0.6_.0.0
OracleOracle8i Versionenterprise_8.0.6_.0.1
OracleOracle8i Versionenterprise_8.1.5_.0.0
OracleOracle8i Versionenterprise_8.1.5_.0.2
OracleOracle8i Versionenterprise_8.1.5_.1.0
OracleOracle8i Versionenterprise_8.1.6_.0.0
OracleOracle8i Versionenterprise_8.1.6_.1.0
OracleOracle8i Versionenterprise_8.1.7_.0.0
OracleOracle8i Versionenterprise_8.1.7_.1.0
OracleOracle8i Versionstandard_8.0.6
OracleOracle8i Versionstandard_8.0.6_.3
OracleOracle8i Versionstandard_8.1.5
OracleOracle8i Versionstandard_8.1.6
OracleOracle8i Versionstandard_8.1.7
OracleOracle8i Versionstandard_8.1.7_.0.0
OracleOracle8i Versionstandard_8.1.7_.1
OracleOracle8i Versionstandard_8.1.7_.4
OracleOracle9i Versionclient_9.2.0.1
OracleOracle9i Versionclient_9.2.0.2
OracleOracle9i Versionenterprise_9.0.1
OracleOracle9i Versionenterprise_9.0.1.4
OracleOracle9i Versionenterprise_9.0.1.5
OracleOracle9i Versionenterprise_9.2.0
OracleOracle9i Versionenterprise_9.2.0.1
OracleOracle9i Versionenterprise_9.2.0.2
OracleOracle9i Versionenterprise_9.2.0.3
OracleOracle9i Versionenterprise_9.2.0.4
OracleOracle9i Versionpersonal_8.1.7
OracleOracle9i Versionpersonal_9.0.1
OracleOracle9i Versionpersonal_9.0.1.4
OracleOracle9i Versionpersonal_9.0.1.5
OracleOracle9i Versionpersonal_9.2
OracleOracle9i Versionpersonal_9.2.0.1
OracleOracle9i Versionpersonal_9.2.0.2
OracleOracle9i Versionpersonal_9.2.0.3
OracleOracle9i Versionpersonal_9.2.0.4
OracleOracle9i Versionstandard_9.0
OracleOracle9i Versionstandard_9.0.1
OracleOracle9i Versionstandard_9.0.1.2
OracleOracle9i Versionstandard_9.0.1.3
OracleOracle9i Versionstandard_9.0.1.4
OracleOracle9i Versionstandard_9.0.1.5
OracleOracle9i Versionstandard_9.0.2
OracleOracle9i Versionstandard_9.2
OracleOracle9i Versionstandard_9.2.0.1
OracleOracle9i Versionstandard_9.2.0.2
OracleOracle9i Versionstandard_9.2.0.3
OracleOracle9i Versionstandard_9.2.0.4
OracleOracle9i Versionstandard_9.2.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 12.3% 0.936
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
http://secunia.com/advisories/12205
Patch
Vendor Advisory
Exploit