CVE-2001-0833

Oracle Database Server < 9.0.1 - Buffer Overflow via ORACLE_HOME Environment Variable

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0833. PoCs published by Juan Manuel Pascual Escribá.

AI-analyzed exploit summary: This exploit targets a buffer overflow in Oracle's otrcrep binary (SUID oracle, SGID dba) via the $ORACLE_HOME environment variable. It crafts a malicious environment variable to overwrite the return address and execute shellcode, granting arbitrary code execution with elevated privileges.

Description

Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Juan Manuel Pascual Escribá · c · local · unix
https://www.exploit-db.com/exploits/21045

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Oracle Database 8.0.5 (otrcrep binary)
No auth needed
Prerequisites: Local access to the system · Oracle Database 8.0.5 installed with vulnerable otrcrep binary · SUID/SGID permissions on otrcrep
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=100386756715645&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3139
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/m-011.shtml
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/201295
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6940
Patch, Vendor Advisory x_refsource_confirm
http://otn.oracle.com/deploy/security/pdf/otrcrep.pdf
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/222612

Scores

EPSS 0.0215
EPSS Percentile 79.8%

Details

Status published
Products (3)
oracle/database_server 8.0
oracle/database_server 8.1
oracle/database_server < 9.0.1
Published Dec 06, 2001
Tracked Since Feb 18, 2026