Description
Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."
Products
- Oracle Database Server
- Oracle Database Server
- Oracle Database Server Enterprise Edition
- Oracle Database Server 1.0.2.2
- Oracle Database Server 1.0.2.2 Release 1
- Oracle Database Server 4.0.8
- Oracle Database Server 4.0.8 Release 2
- Oracle Database Server 4.2.0
- Oracle Database Server 4.2.3
- Oracle Database Server 5.1
- Oracle Database Server 7.0.2
- Oracle Database Server 7.0.64
- Oracle Database Server 7.1.3
- Oracle Database Server 7.1.4
- Oracle Database Server 7.1.5
- Oracle Database Server 7.3.3
- Oracle Database Server 7.3.4
- Oracle Database Server 7.3
- Oracle Database Server 7
- Oracle Database Server 8.0.1
- Oracle Database Server 8.0.2
- Oracle Database Server 8.0.3
- Oracle Database Server 8.0.4
- Oracle Database Server 8.0.5.1
- Oracle Database Server 8.0.5
- Oracle Database Server 8.0.6 3
- Oracle Database Server 8.0.6
- Oracle Database Server 8.0
- Oracle Database Server 8.1.5
- Oracle Database Server 8.1.6
- Oracle Database Server 8.1.7.0.0
- Oracle Database Server 8.1.7.4
- Oracle Database Server 8.1.7.4 Release 3
- Oracle Database Server 8.1.7
- Oracle Database Server 8.1.7 Release 1
- Oracle Database Server 8.1
- Oracle Database Server 8
- Oracle Database Server 9.0.1
- Oracle Database Server 9.0
- Oracle Database Server 9
Questions to Ask Vendors
- Can you confirm whether your systems are affected by CVE-2001-0833, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2001-0833 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions
- Check out the advisory links provided below.
References