CVE-2000-0818 - The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker

CVE-2000-0818

Summary

The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands.

References

Vulnerable Configurations

cpe:2.3:a:oracle:listener:7.3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:listener:7.3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:listener:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:listener:8.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:listener:8.1.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:listener:8.1.6:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 10-10-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

confirm	http://otn.oracle.com/deploy/security/pdf/listener_alert.pdf
iss	20001025 Vulnerability in the Oracle Listener Program
xf	oracle-listener-connect-statements(5380)

Last major update

10-10-2017 - 01:29

Published

19-12-2000 - 05:00

Last modified

10-10-2017 - 01:29