National Cyber-Alert System
Vulnerability Summary: CVE-2000-0818
Orirignal release date: 2000-12-19
Source: US-CERT/NIST

Overview

    The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands.

Impact

    CVSS Severity: 10 (High)
    Range: local,remote
    Authentication: design
    Impact Type: sec_prot admin="1"

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    listener (Oracle)

Technical Details

CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0818