CERTA-2001-AVI-158
Vulnerability from certfr_avis

De multiples vulnérabilités présentes dans dbsnmp (Oracle Intelligent Agent) permettent à un utilisateur mal intentionné d'obtenir les privilèges de l'administrateur root.

Description

dbsnmp (Oracle Intelligent Agent) est un processus permettant la gestion des travaux, le traitement des requêtes snmp, etc.

De multiples vulnérabilités présentes dans l'exécutable dbsnmp (débordement de mémoire, failles dans la gestion du chemin (path) des exécutables) permettent à un utilisateur mal intentionné d'obtenir les privilèges de l'administrateur root.

Solution

Appliquer les correctifs mentionnés dans le document

http://otn.oracle.com/deploy/security/pdf/dbsnmp_patch_matrix.pdf

Oracle Database Server versions 8.1.7 et antérieures.

Le débordement de mémoire affecte aussi Oracle Database Server 9.0.1.

Impacted products
Vendor Product Description
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eOracle Database Server versions 8.1.7  et ant\u00e9rieures.  \u003cP\u003eLe d\u00e9bordement de m\u00e9moire affecte aussi Oracle Database Server  9.0.1.\u003c/P\u003e\u003c/p\u003e",
  "content": "## Description\n\ndbsnmp (Oracle Intelligent Agent) est un processus permettant la gestion\ndes travaux, le traitement des requ\u00eates snmp, etc.\n\nDe multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans l\u0027ex\u00e9cutable dbsnmp\n(d\u00e9bordement de m\u00e9moire, failles dans la gestion du chemin (path) des\nex\u00e9cutables) permettent \u00e0 un utilisateur mal intentionn\u00e9 d\u0027obtenir les\nprivil\u00e8ges de l\u0027administrateur root.\n\n## Solution\n\nAppliquer les correctifs mentionn\u00e9s dans le document\n\n    http://otn.oracle.com/deploy/security/pdf/dbsnmp_patch_matrix.pdf\n",
  "cves": [],
  "initial_release_date": "2001-12-04T00:00:00",
  "last_revision_date": "2001-12-04T00:00:00",
  "links": [
    {
      "title": "Alerte de s\u00e9curit\u00e9 #23 d\u0027Oracle: \"Oracle  Database Server dbsnmp vulnerabilities\"",
      "url": "http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf"
    }
  ],
  "reference": "CERTA-2001-AVI-158",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2001-12-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans dbsnmp (Oracle Intelligent\nAgent) permettent \u00e0 un utilisateur mal intentionn\u00e9 d\u0027obtenir les\nprivil\u00e8ges de l\u0027administrateur root.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de l\u0027agent dbsnmp du SGBD Oracle.",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Alerte de s\u00e9curit\u00e9 #23 d\u0027Oracle.",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.