Vulnerability: Arbitrary Code Execution via PATH Manipulation in Oracle DBSNMP

Vulnerability: Arbitrary Code Execution via PATH Manipulation in Oracle DBSNMP

CVE-2001-0943 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the PATH environment variable to find and execute the (1) chown or (2) chgrp commands, which allows local users to execute arbitrary code by modifying the PATH to point to Trojan Horse programs.

Learn more about our User Device Pen Test.