Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1367

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2004-1367
Last Modified 05 Sep 2008 12:00:00
Published 04 Aug 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2004-1367

Summary

Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.

Vulnerable Systems

Application

  • Oracle Application Server

  • Oracle Application Server 9.0.2

  • Oracle Application Server 9.0.2.0.0

  • Oracle Application Server 9.0.2.0.1

  • Oracle Application Server 9.0.2.1

  • Oracle Application Server 9.0.2.2

  • Oracle Application Server 9.0.2.3

  • Oracle Application Server 9.0.3

  • Oracle Application Server 9.0.3.1

  • Oracle Application Server 9.0.4

  • Oracle Application Server 9.0.4.0

  • Oracle Application Server 9.0.4.1

  • Oracle Collaboration Suite Release 1

  • Oracle E-business Suite 11.5.1

  • Oracle E-business Suite 11.5.2

  • Oracle E-business Suite 11.5.3

  • Oracle E-business Suite 11.5.4

  • Oracle E-business Suite 11.5.5

  • Oracle E-business Suite 11.5.6

  • Oracle E-business Suite 11.5.7

  • Oracle E-business Suite 11.5.8

  • Oracle E-business Suite 11.5.9

  • Oracle Enterprise Manager 9

  • Oracle Enterprise Manager 9.0.1

  • Oracle Enterprise Manager Database Control 10.1.2

  • Oracle Enterprise Manager Grid Control 10.1.0.2

  • Oracle10g Enterprise 10.1.0.2

  • Oracle10g Enterprise 9.0.4 .0

  • Oracle10g Personal 10.1 .0.2

  • Oracle10g Personal 9.0.4 .0

  • Oracle10g Standard 10.1 .0.2

  • Oracle10g Standard 9.0.4 .0

  • Oracle8i Enterprise 8.0.5 .0.0

  • Oracle8i Enterprise 8.0.6 .0.0

  • Oracle8i Enterprise 8.0.6 .0.1

  • Oracle8i Enterprise 8.1.5 .0.0

  • Oracle8i Enterprise 8.1.5 .0.2

  • Oracle8i Enterprise 8.1.5 .1.0

  • Oracle8i Enterprise 8.1.6 .0.0

  • Oracle8i Enterprise 8.1.6 .1.0

  • Oracle8i Enterprise 8.1.7 .0.0

  • Oracle8i Enterprise 8.1.7 .1.0

  • Oracle8i Enterprise 8.1.7 .4

  • Oracle8i Standard 8.0.6

  • Oracle8i Standard 8.0.6 .3

  • Oracle8i Standard 8.1.5

  • Oracle8i Standard 8.1.6

  • Oracle8i Standard 8.1.7

  • Oracle8i Standard 8.1.7 .0.0

  • Oracle8i Standard 8.1.7 .1

  • Oracle8i Standard 8.1.7 .4

  • Oracle9i Client 9.2.0.1

  • Oracle9i Client 9.2.0.2

  • Oracle9i Enterprise 8.1.7

  • Oracle9i Enterprise 9.0.1

  • Oracle9i Enterprise 9.0.1.4

  • Oracle9i Enterprise 9.0.1.5

  • Oracle9i Enterprise 9.2.0

  • Oracle9i Enterprise 9.2.0.1

  • Oracle9i Enterprise 9.2.0.2

  • Oracle9i Enterprise 9.2.0.3

  • Oracle9i Enterprise 9.2.0.4

  • Oracle9i Enterprise 9.2.0.5

  • Oracle9i Personal 8.1.7

  • Oracle9i Personal 9.0.1

  • Oracle9i Personal 9.0.1.4

  • Oracle9i Personal 9.0.1.5

  • Oracle9i Personal 9.2

  • Oracle9i Personal 9.2.0.1

  • Oracle9i Personal 9.2.0.2

  • Oracle9i Personal 9.2.0.3

  • Oracle9i Personal 9.2.0.4

  • Oracle9i Personal 9.2.0.5

  • Oracle9i Standard 8.1.7

  • Oracle9i Standard 9.0

  • Oracle9i Standard 9.0.1

  • Oracle9i Standard 9.0.1.2

  • Oracle9i Standard 9.0.1.3

  • Oracle9i Standard 9.0.1.4

  • Oracle9i Standard 9.0.1.5

  • Oracle9i Standard 9.0.2

  • Oracle9i Standard 9.2

  • Oracle9i Standard 9.2.0.1

  • Oracle9i Standard 9.2.0.2

  • Oracle9i Standard 9.2.0.3

  • Oracle9i Standard 9.2.0.4

  • Oracle9i Standard 9.2.0.5


References

CERT - TA04-245A

CERT-VN - VU#316206

CONFIRM - http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf

MISC - http://www.ngssoftware.com/advisories/oracle23122004D.txt

BUGTRAQ - 20041223 Oracle clear text passwords (#NISR2122004D)

SUNALERT - 101782


Last Updated: 27 May 2016 10:39:00