1. CVE-Search
  2. CVE-2001-0833
ID CVE-2001-0833
Summary Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:database_server:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:-:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:1.0.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:1.0.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:1.0.2.2:r1:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:1.0.2.2:r1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:4.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:4.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:4.0.8:r2:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:4.0.8:r2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:4.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:4.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:7.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:7.0.64:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:7.0.64:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:7.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:7.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:7.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:7.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:7.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:7.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:7.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:7.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:7.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:7.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:7.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.0.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.0.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.0.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.1.7:r1:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.1.7:r1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.1.7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.1.7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.1.7.4:r3:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.1.7.4:r3:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:9.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:9.0.1:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 3139
bugtraq
  • 20010802 vulnerability in otrcrep binary in Oracle 8.0.5.
  • 20011023 FW: ASI Oracle Security Alert: 3 new security alerts
  • 20011024 Oracle Trace Collection Security Vulnerability
ciac M-011
confirm http://otn.oracle.com/deploy/security/pdf/otrcrep.pdf
vulnwatch 20011024 Oracle Trace Collection Security Vulnerability
xf oracle-binary-symlink(6940)
Last major update 03-05-2018 - 01:29
Published 06-12-2001 - 05:00
Last modified 03-05-2018 - 01:29
Back to Top