The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Application_server | Oracle | 10.1.0.2 (including) | 10.1.0.2 (including) |
| Application_server | Oracle | 10.1.0.3 (including) | 10.1.0.3 (including) |
| Application_server | Oracle | 10.1.0.3.1 (including) | 10.1.0.3.1 (including) |
| Oracle10g | Oracle | enterprise_10.1.0.2 (including) | enterprise_10.1.0.2 (including) |
| Oracle10g | Oracle | enterprise_10.1.0.3 (including) | enterprise_10.1.0.3 (including) |
| Oracle10g | Oracle | enterprise_10.1.0.3.1 (including) | enterprise_10.1.0.3.1 (including) |
| Oracle10g | Oracle | personal_10.1.0.2 (including) | personal_10.1.0.2 (including) |
| Oracle10g | Oracle | personal_10.1.0.3 (including) | personal_10.1.0.3 (including) |
| Oracle10g | Oracle | personal_10.1.0.3.1 (including) | personal_10.1.0.3.1 (including) |
| Oracle10g | Oracle | standard_10.1.0.2 (including) | standard_10.1.0.2 (including) |
| Oracle10g | Oracle | standard_10.1.0.3 (including) | standard_10.1.0.3 (including) |
| Oracle10g | Oracle | standard_10.1.0.3.1 (including) | standard_10.1.0.3.1 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=111531740305049\u0026w=2
- http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html
- http://www.securityfocus.com/bid/13509
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20410
- http://marc.info/?l=bugtraq\u0026m=111531740305049\u0026w=2
- http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html
- http://www.securityfocus.com/bid/13509
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20410