CVE-2007-4393

Published Aug 17, 2007

Last updated 16 years ago

Overview

Description: The installation script for orarun on SUSE Linux before 20070810 places the oracle user into the disk group, which allows the local oracle user to read or write raw disk partitions.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:suse:suse_linux:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67527281-81FA-4068-9E0A-7B19FB6A208A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References