Oracle is an enterprise-level SQL database that supports numerous features and options. It is distributed and maintained by Oracle Corporation. A local user may be able to execute arbitrary code and commands via dbsnmp, which is included with the Oracle suite. dbsnmp follows the path in the ORACLE_HOME environment variable when the user supplies one. Because of this oversight in input validation, a user can create a custom directory and force dbsnmp to run programs and libraries from it, which could lead to code or command execution. This is only an issue on Unix or Linux systems running the vulnerable software.
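One way a program can validate a caller-supplied ORACLE_HOME before running anything from it, shown as an added example that is not Oracle's code or part of the original advisory. The function names and the use of the program's effective UID as the trusted owner are assumptions; the check rejects a path if any component is a symlink, is group- or world-writable, or is owned by anyone other than root or the trusted account.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for lstat() and the S_IF* constants */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Policy for one path component: a real directory (lstat is used, so a
 * symlink fails), owned by root or the trusted account, and not writable
 * by group or other. */
int dir_is_trusted(const struct stat *st, uid_t trusted_uid)
{
    return S_ISDIR(st->st_mode)
        && (st->st_uid == 0 || st->st_uid == trusted_uid)
        && (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Check the home directory and every ancestor up to "/", so no other user
 * can create or swap any component. Returns 1 if the path may be used. */
int home_is_trusted(const char *home, uid_t trusted_uid)
{
    char buf[4096];
    struct stat st;
    if (home == NULL || home[0] != '/' || strlen(home) >= sizeof buf)
        return 0;                       /* unset, relative, or too long */
    strcpy(buf, home);
    for (;;) {
        if (lstat(buf, &st) != 0 || !dir_is_trusted(&st, trusted_uid))
            return 0;
        if (buf[1] == '\0')
            return 1;                   /* reached "/" with no failures */
        char *slash = strrchr(buf, '/');
        if (slash == buf)
            buf[1] = '\0';              /* parent is "/" */
        else
            *slash = '\0';              /* step up to the parent */
    }
}

int main(void)
{
    /* Assumption: the trusted owner is the account this program runs as. */
    const char *home = getenv("ORACLE_HOME");
    int ok = home_is_trusted(home, geteuid());
    puts(ok ? "ORACLE_HOME accepted" : "refusing untrusted ORACLE_HOME");
    return ok ? 0 : 1;
}
```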