Oracle DBSNMP CHOwn Path Environment Variable Vulnerability

Oracle is an enterprise-level SQL database supporting numerous features and options. It is distributed and maintained by Oracle Corporation.

A problem with dbsnmp makes it possible for a local user to gain elevated privileges. When it runs, dbsnmp executes the chown and chgrp commands without using a statically declared path and without first checking the validity of the PATH specified by the user.

This makes it possible for a local user to gain elevated privileges, including root access on the local host.

It should be noted that this is only an issue on Unix or Linux systems running the vulnerable software.
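The defect class described above is a privileged program locating a helper through a caller-controlled PATH. The following C code is an added example, not Oracle's code and not part of the original advisory: it validates a PATH value against a fixed directory list and runs a helper by absolute path with a fixed environment. The function names, the trusted directory list and the /bin/chown location are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed trusted system directories; adjust per platform. */
static const char *const TRUSTED_DIRS[] = { "/bin", "/usr/bin", "/sbin", "/usr/sbin" };

/* Return 1 only if every PATH element is in TRUSTED_DIRS. Empty elements
 * (leading, trailing or doubled ':') mean the current directory and fail. */
int path_is_trusted(const char *path) {
    if (path == NULL || *path == '\0') return 0;
    for (const char *p = path;;) {
        size_t len = strcspn(p, ":");
        int ok = 0;
        for (size_t i = 0; i < sizeof TRUSTED_DIRS / sizeof *TRUSTED_DIRS; i++)
            if (strlen(TRUSTED_DIRS[i]) == len && strncmp(p, TRUSTED_DIRS[i], len) == 0)
                ok = 1;
        if (!ok) return 0;
        if (p[len] == '\0') return 1;
        p += len + 1;
    }
}

/* Hardened counterpart of system("chown ...") or execvp("chown", ...):
 * absolute program path, fixed environment, no shell, no PATH search.
 * Returns the child's exit status, or -1 on refusal or failure. */
int run_fixed(const char *abs_prog, char *const argv[]) {
    static char *const clean_env[] = { "PATH=/bin:/usr/bin", NULL };
    if (abs_prog == NULL || abs_prog[0] != '/') return -1; /* refuse relative names */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve(abs_prog, argv, clean_env);
        _exit(127); /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    char *const args[] = { "chown", "--version", NULL }; /* GNU chown assumed */
    printf("caller PATH trusted: %d\n", path_is_trusted(getenv("PATH")));
    printf("chown exit status: %d\n", run_fixed("/bin/chown", args));
    return 0;
}
```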


 

Copyright 2010, SecurityFocus