CVE Vulnerabilities

CVE-2004-1338

Published: Dec 23, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions.

Affected Software

Name Vendor Start Version End Version
Database_server Oracle 10.2.1-r2 (including) 10.2.1-r2 (including)
Oracle9i Oracle 9.0 (including) 9.0 (including)
Oracle9i Oracle 9.0.1 (including) 9.0.1 (including)
Oracle9i Oracle 9.0.1.2 (including) 9.0.1.2 (including)
Oracle9i Oracle 9.0.1.3 (including) 9.0.1.3 (including)
Oracle9i Oracle 9.0.1.4 (including) 9.0.1.4 (including)
Oracle9i Oracle 9.0.2 (including) 9.0.2 (including)
Oracle9i Oracle 9.0.2.0.0 (including) 9.0.2.0.0 (including)
Oracle9i Oracle 9.0.2.0.1 (including) 9.0.2.0.1 (including)
Oracle9i Oracle 9.0.2.1 (including) 9.0.2.1 (including)
Oracle9i Oracle 9.0.2.2 (including) 9.0.2.2 (including)
Oracle9i Oracle 9.0.2.3 (including) 9.0.2.3 (including)
Oracle9i Oracle 9.2.0.1 (including) 9.2.0.1 (including)
Oracle9i Oracle 9.2.0.2 (including) 9.2.0.2 (including)

References