Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1366

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2004-1366
Last Modified 05 Sep 2008 12:00:00
Published 04 Aug 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-1366

Summary

Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.

Vulnerable Systems

Application

  • Oracle Application Server

  • Oracle Application Server 9.0.2

  • Oracle Application Server 9.0.2.0.0

  • Oracle Application Server 9.0.2.0.1

  • Oracle Application Server 9.0.2.1

  • Oracle Application Server 9.0.2.2

  • Oracle Application Server 9.0.2.3

  • Oracle Application Server 9.0.3

  • Oracle Application Server 9.0.3.1

  • Oracle Application Server 9.0.4

  • Oracle Application Server 9.0.4.0

  • Oracle Application Server 9.0.4.1

  • Oracle Collaboration Suite Release 1

  • Oracle E-business Suite 11.5.1

  • Oracle E-business Suite 11.5.2

  • Oracle E-business Suite 11.5.3

  • Oracle E-business Suite 11.5.4

  • Oracle E-business Suite 11.5.5

  • Oracle E-business Suite 11.5.6

  • Oracle E-business Suite 11.5.7

  • Oracle E-business Suite 11.5.8

  • Oracle E-business Suite 11.5.9

  • Oracle Enterprise Manager 9

  • Oracle Enterprise Manager 9.0.1

  • Oracle Enterprise Manager Database Control 10.1.2

  • Oracle Enterprise Manager Grid Control 10.1.0.2

  • Oracle10g Enterprise 10.1.0.2

  • Oracle10g Enterprise 9.0.4 .0

  • Oracle10g Personal 10.1 .0.2

  • Oracle10g Personal 9.0.4 .0

  • Oracle10g Standard 10.1 .0.2

  • Oracle10g Standard 9.0.4 .0

  • Oracle8i Enterprise 8.0.5 .0.0

  • Oracle8i Enterprise 8.0.6 .0.0

  • Oracle8i Enterprise 8.0.6 .0.1

  • Oracle8i Enterprise 8.1.5 .0.0

  • Oracle8i Enterprise 8.1.5 .0.2

  • Oracle8i Enterprise 8.1.5 .1.0

  • Oracle8i Enterprise 8.1.6 .0.0

  • Oracle8i Enterprise 8.1.6 .1.0

  • Oracle8i Enterprise 8.1.7 .0.0

  • Oracle8i Enterprise 8.1.7 .1.0

  • Oracle8i Enterprise 8.1.7 .4

  • Oracle8i Standard 8.0.6

  • Oracle8i Standard 8.0.6 .3

  • Oracle8i Standard 8.1.5

  • Oracle8i Standard 8.1.6

  • Oracle8i Standard 8.1.7

  • Oracle8i Standard 8.1.7 .0.0

  • Oracle8i Standard 8.1.7 .1

  • Oracle8i Standard 8.1.7 .4

  • Oracle9i Client 9.2.0.1

  • Oracle9i Client 9.2.0.2

  • Oracle9i Enterprise 8.1.7

  • Oracle9i Enterprise 9.0.1

  • Oracle9i Enterprise 9.0.1.4

  • Oracle9i Enterprise 9.0.1.5

  • Oracle9i Enterprise 9.2.0

  • Oracle9i Enterprise 9.2.0.1

  • Oracle9i Enterprise 9.2.0.2

  • Oracle9i Enterprise 9.2.0.3

  • Oracle9i Enterprise 9.2.0.4

  • Oracle9i Enterprise 9.2.0.5

  • Oracle9i Personal 8.1.7

  • Oracle9i Personal 9.0.1

  • Oracle9i Personal 9.0.1.4

  • Oracle9i Personal 9.0.1.5

  • Oracle9i Personal 9.2

  • Oracle9i Personal 9.2.0.1

  • Oracle9i Personal 9.2.0.2

  • Oracle9i Personal 9.2.0.3

  • Oracle9i Personal 9.2.0.4

  • Oracle9i Personal 9.2.0.5

  • Oracle9i Standard 8.1.7

  • Oracle9i Standard 9.0

  • Oracle9i Standard 9.0.1

  • Oracle9i Standard 9.0.1.2

  • Oracle9i Standard 9.0.1.3

  • Oracle9i Standard 9.0.1.4

  • Oracle9i Standard 9.0.1.5

  • Oracle9i Standard 9.0.2

  • Oracle9i Standard 9.2

  • Oracle9i Standard 9.2.0.1

  • Oracle9i Standard 9.2.0.2

  • Oracle9i Standard 9.2.0.3

  • Oracle9i Standard 9.2.0.4

  • Oracle9i Standard 9.2.0.5


References

CERT - TA04-245A

CERT-VN - VU#316206

XF - oracle-sysman-password-plaintext(18661)

BID - 10871

BUGTRAQ - 20041223 Oracle clear text passwords (#NISR2122004D)

CONFIRM - http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf

MISC - http://www.ngssoftware.com/advisories/oracle23122004D.txt

SUNALERT - 101782


Last Updated: 27 May 2016 10:39:00