Local Privilege Escalation in Oracle Database Products on Unix Systems
CVE-2004-1707

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle8i; Oracle9i; Application Server; Database Server Lite
Vendor: CVE Published:; 30 July 2004

Summary

The Oracle database products, including versions 8i, 9i, and Oracle IAS 9.0.2.0.1, are susceptible to a local privilege escalation vulnerability due to the default library file search paths utilized by the dbsnmp and nmo programs. Operating with elevated privileges, these programs allow certain Oracle user accounts to potentially execute a modified libclntsh.so.9.0 library file, enabling unauthorized access to root privileges on Unix systems.

References

http://secunia.com/advisories/12205

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/16839

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=109147677214087&w=2

mailing-listx_refsource_BUGTRAQ

EPSS Score

20% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Feb 26, 2005
Vulnerability published
Jul 30, 2004