Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0567

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0567
Last Modified 05 Sep 2008 04:28:21
Published 03 Jul 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0567

Summary

Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.

Vulnerable Systems

Application

  • Oracle Database Server 8.0.1

  • Oracle Database Server 8.0.2

  • Oracle Database Server 8.0.3

  • Oracle Database Server 8.0.4

  • Oracle Database Server 8.0.5

  • Oracle Database Server 8.0.5.1

  • Oracle Database Server 8.0.6

  • Oracle Database Server 8.1.5

  • Oracle Database Server 8.1.6

  • Oracle Database Server 8.1.7

  • Oracle Database Server 8.1.7.0.0

  • Oracle8i 8.1.5

  • Oracle8i 8.1.6

  • Oracle8i 8.1.7

  • Oracle8i 8.1.7.1

  • Oracle8i Enterprise 8.0.5.0.0

  • Oracle8i Enterprise 8.0.6.0.0

  • Oracle8i Enterprise 8.0.6.0.1

  • Oracle8i Enterprise 8.1.5.0.0

  • Oracle8i Enterprise 8.1.5.0.2

  • Oracle8i Enterprise 8.1.5.1.0

  • Oracle8i Enterprise 8.1.6.0.0

  • Oracle8i Enterprise 8.1.6.1.0

  • Oracle8i Enterprise 8.1.7.0.0

  • Oracle8i Enterprise 8.1.7.1.0

  • Oracle9i 9.0

  • Oracle9i 9.0.1


References

CERT - CA-2002-08

CERT-VN - VU#180147

BID - 4033

CONFIRM - http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf

BUGTRAQ - 20020206 Remote Compromise in Oracle 9i Database Server

XF - oracle-plsql-remote-access(8089)


Last Updated: 27 May 2016 10:36:59