Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0637

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2004-0637
Last Modified 10 Sep 2008 12:00:00
Published 02 Sep 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2004-0637

Summary

Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.

Vulnerable Systems

Application

  • Oracle8i Enterprise 8.1.7 .4

  • Oracle8i Standard 8.1.7 .4

  • Oracle9i Enterprise 9.2.0.4

  • Oracle9i Personal 9.2.0.4

  • Oracle9i Standard 9.0.1.3

  • Oracle9i Standard 9.2.0.4


References

CERT-VN - VU#316206

IDEFENSE - 20040902 Oracle Database Server ctxsys.driload Access Validation Vulnerability

SECUNIA - 12409

BID - 11099


Last Updated: 27 May 2016 10:38:41