CERTA-2001-AVI-158

Vulnerability from certfr_avis - Published: - Updated:

Multiple vulnerabilities in dbsnmp (Oracle Intelligent Agent) allow a malicious user to obtain the privileges of the root administrator.

Description

dbsnmp (Oracle Intelligent Agent) is a process that handles job management, the processing of SNMP requests, etc.

Multiple vulnerabilities in the dbsnmp executable (buffer overflow, flaws in the handling of the executables' path) allow a malicious user to obtain the privileges of the root administrator.

Solution

Apply the patches listed in the following document:

http://otn.oracle.com/deploy/security/pdf/dbsnmp_patch_matrix.pdf

Oracle Database Server versions 8.1.7 and earlier.

The buffer overflow also affects Oracle Database Server 9.0.1.


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eOracle Database Server versions 8.1.7  et ant\u00e9rieures.  \u003cP\u003eLe d\u00e9bordement de m\u00e9moire affecte aussi Oracle Database Server  9.0.1.\u003c/P\u003e\u003c/p\u003e",
  "content": "## Description\n\ndbsnmp (Oracle Intelligent Agent) est un processus permettant la gestion\ndes travaux, le traitement des requ\u00eates snmp, etc.\n\nDe multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans l\u0027ex\u00e9cutable dbsnmp\n(d\u00e9bordement de m\u00e9moire, failles dans la gestion du chemin (path) des\nex\u00e9cutables) permettent \u00e0 un utilisateur mal intentionn\u00e9 d\u0027obtenir les\nprivil\u00e8ges de l\u0027administrateur root.\n\n## Solution\n\nAppliquer les correctifs mentionn\u00e9s dans le document\n\n    http://otn.oracle.com/deploy/security/pdf/dbsnmp_patch_matrix.pdf\n",
  "cves": [],
  "links": [
    {
      "title": "Alerte de s\u00e9curit\u00e9 #23 d\u0027Oracle: \"Oracle  Database Server dbsnmp vulnerabilities\"",
      "url": "http://otn.oracle.com/deploy/security/pdf/dbsmp_alert.pdf"
    }
  ],
  "reference": "CERTA-2001-AVI-158",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2001-12-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans dbsnmp (Oracle Intelligent\nAgent) permettent \u00e0 un utilisateur mal intentionn\u00e9 d\u0027obtenir les\nprivil\u00e8ges de l\u0027administrateur root.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s de l\u0027agent dbsnmp du SGBD Oracle.",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Alerte de s\u00e9curit\u00e9 #23 d\u0027Oracle.",
      "url": null
    }
  ]
}

