Summary
This host is installed with Oracle Database Server and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow attackers to gain access to an operating system account and execute commands.
Impact Level: Application/System
Solution
Apply the patches from the link below:
http://metalink.oracle.com
*****
NOTE: Ignore this warning if the above-mentioned patch is installed.
*****
Insight
A flaw exists in the Oracle listener program which allows an attacker to cause logging information to be appended to arbitrary files and to execute commands via the SET TRC_FILE or SET LOG_FILE commands.
Affected
Oracle Database Server versions 7.3.4, 8.0.6, and 8.1.6 are affected.
Detection
Get the installed version with the help of the tnslsnr service and check whether it is vulnerable.
References
Severity
Classification
CVE: CVE-2000-0818
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C