CVE-2005-1496 | Vulnerability Database | Aqua Security

The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.

Affected Software

Name	Vendor	Start Version	End Version
Application_server	Oracle	10.1.0.2 (including)	10.1.0.2 (including)
Application_server	Oracle	10.1.0.3 (including)	10.1.0.3 (including)
Application_server	Oracle	10.1.0.3.1 (including)	10.1.0.3.1 (including)
Oracle10g	Oracle	enterprise_10.1.0.2 (including)	enterprise_10.1.0.2 (including)
Oracle10g	Oracle	enterprise_10.1.0.3 (including)	enterprise_10.1.0.3 (including)
Oracle10g	Oracle	enterprise_10.1.0.3.1 (including)	enterprise_10.1.0.3.1 (including)
Oracle10g	Oracle	personal_10.1.0.2 (including)	personal_10.1.0.2 (including)
Oracle10g	Oracle	personal_10.1.0.3 (including)	personal_10.1.0.3 (including)
Oracle10g	Oracle	personal_10.1.0.3.1 (including)	personal_10.1.0.3.1 (including)
Oracle10g	Oracle	standard_10.1.0.2 (including)	standard_10.1.0.2 (including)
Oracle10g	Oracle	standard_10.1.0.3 (including)	standard_10.1.0.3 (including)
Oracle10g	Oracle	standard_10.1.0.3.1 (including)	standard_10.1.0.3.1 (including)

References

http://marc.info/?l=bugtraq\u0026m=111531740305049\u0026w=2
http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html
http://www.securityfocus.com/bid/13509
https://exchange.xforce.ibmcloud.com/vulnerabilities/20410

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-1496
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html