Signature Detail
Short Name |
DB:ORACLE:TNS:ORACLE-PRIVESC |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
DB |
Keywords |
Oracle DBMS_Scheduler Privilege Escalation Vulnerability |
Release Date |
2010/09/01 |
Update Number |
1765 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
DB: Oracle DBMS_Scheduler Privilege Escalation Vulnerability
This signature detects attempts to exploit a known vulnerability against Oracle DBMS. Attackers can elevate privileges to take complete control of the target system .
Extended Description
Oracle database is prone to a privilege escalation vulnerability. A user with 'create job' privileges can switch the 'session_user' to 'SYS'. This will facilitate privilege escalation. This issue is reported to be addressed in the 10.0.1.14 patch set for Oracle.
Affected Products
- Oracle Oracle10g Application Server 10.1.0 .0.2
- Oracle Oracle10g Application Server 10.1.0 .0.3
- Oracle Oracle10g Application Server 10.1.0 .0.3.1
- Oracle Oracle10g Application Server 10.1.2
- Oracle Oracle10g Enterprise Edition 10.1.0 .0.2
- Oracle Oracle10g Enterprise Edition 10.1.0 .0.3
- Oracle Oracle10g Enterprise Edition 10.1.0 .0.3.1
- Oracle Oracle10g Personal Edition 10.1.0 .0.2
- Oracle Oracle10g Personal Edition 10.1.0 .0.3
- Oracle Oracle10g Personal Edition 10.1.0 .0.3.1
- Oracle Oracle10g Standard Edition 10.1.0 .0.2
- Oracle Oracle10g Standard Edition 10.1.0 .0.3
- Oracle Oracle10g Standard Edition 10.1.0 .0.3.1
References
- BugTraq: 13509
- CVE: CVE-2005-1496