Description
Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.