CVE-2004-1707

EIP tracks 1 public exploit for CVE-2004-1707. PoCs published by Juan Manuel Pascual Escribá.

AI-analyzed exploit summary This exploit leverages a default library directory misconfiguration in Oracle on UNIX/Linux to replace libraries used by setuid root applications, allowing privilege escalation to root via a malicious shared library.

The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.