Signature Detail
Short Name |
DB:ORACLE:DBMS:JVM-SYS-CMD |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
DB |
Keywords |
Oracle Database DBMS_JVM_EXP_PERMS System Command Execution |
Release Date |
2014/04/16 |
Update Number |
2365 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
DB: Oracle Database DBMS_JVM_EXP_PERMS System Command Execution
This signature detects attempts to exploit a known flaw in Oracle. A privilege escalation vulnerability exists in Oracle Database server that can allow users with limited privileges to execute arbitrary operating system commands on a target server.
Extended Description
Oracle Database is prone to multiple remote privilege-escalation issues because it fails to properly restrict access to certain packages. The attacker can exploit these issues to escalate their privileges to DBA or execute arbitrary operating system commands with SYSTEM privileges, leading to a complete compromise of an affected computer. These vulnerabilities affect Oracle Database 11gR2. One of the issues also affects Oracle Database 10gR2.
Affected Products
- Oracle Oracle10g Enterprise Edition 10.1.0 .0.2
- Oracle Oracle10g Enterprise Edition 10.1.0 .0.3
- Oracle Oracle10g Enterprise Edition 10.1.0 .0.3.1
- Oracle Oracle10g Enterprise Edition 10.1.0 .0.4
- Oracle Oracle10g Enterprise Edition 10.1.0.4
- Oracle Oracle10g Enterprise Edition 10.1.0.4.2
- Oracle Oracle10g Enterprise Edition 10.1.0 .5
- Oracle Oracle10g Enterprise Edition 10.2
- Oracle Oracle10g Enterprise Edition 10.2.0 .1
- Oracle Oracle10g Enterprise Edition 10.2.0 .2
- Oracle Oracle10g Enterprise Edition 10.2.0.2 64 bit
- Oracle Oracle10g Enterprise Edition 10.2.0 .3
- Oracle Oracle10g Enterprise Edition 10.2.0.4
- Oracle Oracle10g Enterprise Edition 10.2.0 .5
- Oracle Oracle10g Enterprise Edition 10.3.0 .1
- Oracle Oracle10g Enterprise Edition 9.0.4 .0
- Oracle Oracle10g Personal Edition 10.1.0 .0.2
- Oracle Oracle10g Personal Edition 10.1.0 .0.3
- Oracle Oracle10g Personal Edition 10.1.0 .0.3.1
- Oracle Oracle10g Personal Edition 10.1.0 .0.4
- Oracle Oracle10g Personal Edition 10.1.0.4
- Oracle Oracle10g Personal Edition 10.1.0.5
- Oracle Oracle10g Personal Edition 10.2
- Oracle Oracle10g Personal Edition 10.2.0 .1
- Oracle Oracle10g Personal Edition 10.2.0 .2
- Oracle Oracle10g Personal Edition 10.2.0 .3
- Oracle Oracle10g Personal Edition 10.2.0.4
- Oracle Oracle10g Personal Edition 10.2.0 .5
- Oracle Oracle10g Personal Edition 10.3.0 .1
- Oracle Oracle10g Personal Edition 9.0.4 .0
- Oracle Oracle10g Standard Edition 10.1.0 .0.2
- Oracle Oracle10g Standard Edition 10.1.0 .0.3
- Oracle Oracle10g Standard Edition 10.1.0 .0.3.1
- Oracle Oracle10g Standard Edition 10.1.0 .0.4
- Oracle Oracle10g Standard Edition 10.1.0 .0.5
- Oracle Oracle10g Standard Edition 10.1.0.4
- Oracle Oracle10g Standard Edition 10.1.0 .4.2
- Oracle Oracle10g Standard Edition 10.1.0 .5
- Oracle Oracle10g Standard Edition 10.2
- Oracle Oracle10g Standard Edition 10.2.0.1
- Oracle Oracle10g Standard Edition 10.2.0 .2
- Oracle Oracle10g Standard Edition 10.2.0 .3
- Oracle Oracle10g Standard Edition 10.2.0.4
- Oracle Oracle10g Standard Edition 10.2.0 .5
- Oracle Oracle10g Standard Edition 10.3.0 .1
- Oracle Oracle11g Enterprise Edition 11.1.0 6
- Oracle Oracle11g Enterprise Edition 11.1.0.7
- Oracle Oracle11g Enterprise Edition 11.2.0.1.0
- Oracle Oracle11g Standard Edition 11.1.0 6
- Oracle Oracle11g Standard Edition 11.1.0.7
- Oracle Oracle11g Standard Edition 11.2.0.1.0
References
- BugTraq: 38115
- CVE: CVE-2010-0866