Description
oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory identified by the ORACLE_HOME environment variable.
Affected products
- oracle / database_server8.0 – 8.0
- oracle / database_server8.1 – 8.1
- oracle / database_server9.0.1 – 9.0.1