CVE: CVE-2002-0857 - CVE-Search

CVE Details for CVE: CVE-2002-0857

Summary

Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file.

Timestamps
Last major update	18-10-2016 - 02:22
Published	05-09-2002 - 04:00
Last modified	18-10-2016 - 02:22

References

Vulnerable Configurations

cpe:2.3:a:oracle:oracle8i:8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:oracle8i:8.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:7.3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:7.3.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:9.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:9.2:*:*:*:*:*:*:*

CAPEC

Click the CAPEC title to display a description

CWE

NVD-CWE-Other

CVSS

Base

7.5

Impact

6.4

Exploitability

10.0

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

CVSS3

None

VIA4 references

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	5460
bugtraq	20020814 Oracle Listener Control Format String Vulnerabilities (#NISR14082002)
cert-vn	VU#301059
confirm	http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf
misc	http://www.ngssoftware.com/advisories/ora-lsnrfmtstr.txt
sectrack	1005037