Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1365

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2004-1365
Last Modified 05 Sep 2008 04:41:08
Published 04 Aug 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-1365

Summary

Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.

Vulnerable Systems

Application

  • Oracle Application Server

  • Oracle Application Server 9.0.2

  • Oracle Application Server 9.0.2.0.0

  • Oracle Application Server 9.0.2.0.1

  • Oracle Application Server 9.0.2.1

  • Oracle Application Server 9.0.2.2

  • Oracle Application Server 9.0.2.3

  • Oracle Application Server 9.0.3

  • Oracle Application Server 9.0.3.1

  • Oracle Application Server 9.0.4

  • Oracle Application Server 9.0.4.0

  • Oracle Application Server 9.0.4.1

  • Oracle Collaboration Suite Release 1

  • Oracle E-business Suite 11.5.1

  • Oracle E-business Suite 11.5.2

  • Oracle E-business Suite 11.5.3

  • Oracle E-business Suite 11.5.4

  • Oracle E-business Suite 11.5.5

  • Oracle E-business Suite 11.5.6

  • Oracle E-business Suite 11.5.7

  • Oracle E-business Suite 11.5.8

  • Oracle E-business Suite 11.5.9

  • Oracle Enterprise Manager 9

  • Oracle Enterprise Manager 9.0.1

  • Oracle Enterprise Manager Database Control 10.1.2

  • Oracle Enterprise Manager Grid Control 10.1.0.2

  • Oracle10g Enterprise 10.1.0.2

  • Oracle10g Enterprise 9.0.4 .0

  • Oracle10g Personal 10.1 .0.2

  • Oracle10g Personal 9.0.4 .0

  • Oracle10g Standard 10.1 .0.2

  • Oracle10g Standard 9.0.4 .0

  • Oracle8i Enterprise 8.0.5 .0.0

  • Oracle8i Enterprise 8.0.6 .0.0

  • Oracle8i Enterprise 8.0.6 .0.1

  • Oracle8i Enterprise 8.1.5 .0.0

  • Oracle8i Enterprise 8.1.5 .0.2

  • Oracle8i Enterprise 8.1.5 .1.0

  • Oracle8i Enterprise 8.1.6 .0.0

  • Oracle8i Enterprise 8.1.6 .1.0

  • Oracle8i Enterprise 8.1.7 .0.0

  • Oracle8i Enterprise 8.1.7 .1.0

  • Oracle8i Enterprise 8.1.7 .4

  • Oracle8i Standard 8.0.6

  • Oracle8i Standard 8.0.6 .3

  • Oracle8i Standard 8.1.5

  • Oracle8i Standard 8.1.6

  • Oracle8i Standard 8.1.7

  • Oracle8i Standard 8.1.7 .0.0

  • Oracle8i Standard 8.1.7 .1

  • Oracle8i Standard 8.1.7 .4

  • Oracle9i Client 9.2.0.1

  • Oracle9i Client 9.2.0.2

  • Oracle9i Enterprise 8.1.7

  • Oracle9i Enterprise 9.0.1

  • Oracle9i Enterprise 9.0.1.4

  • Oracle9i Enterprise 9.0.1.5

  • Oracle9i Enterprise 9.2.0

  • Oracle9i Enterprise 9.2.0.1

  • Oracle9i Enterprise 9.2.0.2

  • Oracle9i Enterprise 9.2.0.3

  • Oracle9i Enterprise 9.2.0.4

  • Oracle9i Enterprise 9.2.0.5

  • Oracle9i Personal 8.1.7

  • Oracle9i Personal 9.0.1

  • Oracle9i Personal 9.0.1.4

  • Oracle9i Personal 9.0.1.5

  • Oracle9i Personal 9.2

  • Oracle9i Personal 9.2.0.1

  • Oracle9i Personal 9.2.0.2

  • Oracle9i Personal 9.2.0.3

  • Oracle9i Personal 9.2.0.4

  • Oracle9i Personal 9.2.0.5

  • Oracle9i Standard 8.1.7

  • Oracle9i Standard 9.0

  • Oracle9i Standard 9.0.1

  • Oracle9i Standard 9.0.1.2

  • Oracle9i Standard 9.0.1.3

  • Oracle9i Standard 9.0.1.4

  • Oracle9i Standard 9.0.1.5

  • Oracle9i Standard 9.0.2

  • Oracle9i Standard 9.2

  • Oracle9i Standard 9.2.0.1

  • Oracle9i Standard 9.2.0.2

  • Oracle9i Standard 9.2.0.3

  • Oracle9i Standard 9.2.0.4

  • Oracle9i Standard 9.2.0.5


References

CERT - TA04-245A

CERT-VN - VU#316206

XF - oracle-extproc-command-execution(18662)

BID - 10871

MISC - http://www.ngssoftware.com/advisories/oracle23122004C.txt

BUGTRAQ - 20041223 Oracle extproc local command execution (#NISR23122004C)

SUNALERT - 101782


Last Updated: 27 May 2016 10:39:00