VULHUB ™

A problem with the Oracle startup script could lead to arbitrary library attacks. The problem is in the initialization of the LD_LIBRARY_PATH environment variable. The 'oracle.sh' script insecurely initializes the LD_LIBRARY_PATH environment variable. Specifically, the script does not properly check whether the environment variable already exists and creates an LD_LIBRARY_PATH with an empty element. When ld is used, it will look for paths to search for in the LD_LIBRARY_PATH environment variable. An attacker can exploit this vulnerability to trick a user into performing some actions in a directory where a malicious library exists. This may allow an attacker to run arbitary code, contained within the malicious library, with the privileges of the victim user.

A problem with the Oracle startup script could lead to arbitrary library attacks. The problem is in the initialization of the LD_LIBRARY_PATH environment variable. The 'oracle.sh' script insecurely initializes the LD_LIBRARY_PATH environment variable. Specifically, the script does not properly check whether the environment variable already exists and creates an LD_LIBRARY_PATH with an empty element. When ld is used, it will look for paths to search for in the LD_LIBRARY_PATH environment variable. An attacker can exploit this vulnerability to trick a user into performing some actions in a directory where a malicious library exists. This may allow an attacker to run arbitary code, contained within the malicious library, with the privileges of the victim user.