EIP-2026-102939

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102939. PoCs published by Kevin Wenchel.

AI-analyzed exploit summary This exploit leverages insecure file handling and environment variable trust in Oracle's suid executables (e.g., cmctl) to create a setuid shell owned by the 'oracle' user. It manipulates ORACLE_HOME and ORAHOME to redirect file operations and execute arbitrary commands.

Description

Oracle 8 - File Access

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kevin Wenchel · bashlocallinux

https://www.exploit-db.com/exploits/19142

View Code ZIP pw:eip

This exploit leverages insecure file handling and environment variable trust in Oracle's suid executables (e.g., cmctl) to create a setuid shell owned by the 'oracle' user. It manipulates ORACLE_HOME and ORAHOME to redirect file operations and execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Oracle Database (Unix versions with vulnerable suid executables)

No auth needed

Prerequisites: Presence of vulnerable Oracle suid executables (e.g., cmctl) · Write access to /tmp directory

MITRE ATT&CK

T1189 - Drive-by Compromise T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Oracle 8 - File Access

Exploitation Summary

Description

Exploits (1)

Details