Summary
This host is installed with Oracle Database Server and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow attackers to gain access to an operating system account and execute commands.
Impact Level: Application/System
Solution
Apply the patches from the link below:
http://metalink.oracle.com
*****
NOTE: Ignore this warning if the above-mentioned patch is installed.
*****
Insight
A flaw exists in the Oracle listener program that allows an attacker to cause logging information to be appended to arbitrary files and to execute commands via the SET TRC_FILE or SET LOG_FILE commands.
Affected
Oracle Database Server versions 7.3.4, 8.0.6, and 8.1.6 are affected.
Detection
Get the installed version with the help of the tnslsnr service and check whether it is vulnerable.
References
Severity
Classification
- CVE: CVE-2000-0818
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- IBM DB2 UDB Multiple Unspecified Vulnerabilities (Windows)
- Oracle Database Server listener Security Bypass Vulnerability
- IBM DB2 SQL/PSM Stored Procedure Debugging Buffer Overflow Vulnerability (Linux)
- Oracle Database Server Multiple Unspecified Vulnerabilities - Jan 08
- IBM DB2 Administration Server Buffer Overflow Vulnerability (Linux)