ID CVE-2002-0857
Summary Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:database_server:7.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:7.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:9.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle8i:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle8i:8.1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2016 - 02:22)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 5460
bugtraq 20020814 Oracle Listener Control Format String Vulnerabilities (#NISR14082002)
cert-vn VU#301059
confirm http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf
misc http://www.ngssoftware.com/advisories/ora-lsnrfmtstr.txt
sectrack 1005037
Last major update 18-10-2016 - 02:22
Published 05-09-2002 - 04:00
Last modified 18-10-2016 - 02:22
Back to Top