Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.8
CVE Id CVE-2004-1368
Last Modified 05 Sep 2008 12:00:00
Published 04 Aug 2004 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1368

Summary

ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.

Vulnerable Systems

Application

  • Oracle Application Server

  • Oracle Application Server 9.0.2

  • Oracle Application Server 9.0.2.0.0

  • Oracle Application Server 9.0.2.0.1

  • Oracle Application Server 9.0.2.1

  • Oracle Application Server 9.0.2.2

  • Oracle Application Server 9.0.2.3

  • Oracle Application Server 9.0.3

  • Oracle Application Server 9.0.3.1

  • Oracle Application Server 9.0.4

  • Oracle Application Server 9.0.4.0

  • Oracle Application Server 9.0.4.1

  • Oracle Collaboration Suite Release 1

  • Oracle E-business Suite 11.5.1

  • Oracle E-business Suite 11.5.2

  • Oracle E-business Suite 11.5.3

  • Oracle E-business Suite 11.5.4

  • Oracle E-business Suite 11.5.5

  • Oracle E-business Suite 11.5.6

  • Oracle E-business Suite 11.5.7

  • Oracle E-business Suite 11.5.8

  • Oracle E-business Suite 11.5.9

  • Oracle Enterprise Manager 9

  • Oracle Enterprise Manager 9.0.1

  • Oracle Enterprise Manager Database Control 10.1.2

  • Oracle Enterprise Manager Grid Control 10.1.0.2

  • Oracle10g Enterprise 10.1.0.2

  • Oracle10g Enterprise 9.0.4.0

  • Oracle10g Personal 10.1.0.2

  • Oracle10g Personal 9.0.4.0

  • Oracle10g Standard 10.1.0.2

  • Oracle10g Standard 9.0.4.0

  • Oracle8i Enterprise 8.0.5.0.0

  • Oracle8i Enterprise 8.0.6.0.0

  • Oracle8i Enterprise 8.0.6.0.1

  • Oracle8i Enterprise 8.1.5.0.0

  • Oracle8i Enterprise 8.1.5.0.2

  • Oracle8i Enterprise 8.1.5.1.0

  • Oracle8i Enterprise 8.1.6.0.0

  • Oracle8i Enterprise 8.1.6.1.0

  • Oracle8i Enterprise 8.1.7.0.0

  • Oracle8i Enterprise 8.1.7.1.0

  • Oracle8i Enterprise 8.1.7.4

  • Oracle8i Standard 8.0.6

  • Oracle8i Standard 8.0.6.3

  • Oracle8i Standard 8.1.5

  • Oracle8i Standard 8.1.6

  • Oracle8i Standard 8.1.7

  • Oracle8i Standard 8.1.7.0.0

  • Oracle8i Standard 8.1.7.1

  • Oracle8i Standard 8.1.7.4

  • Oracle9i Client 9.2.0.1

  • Oracle9i Client 9.2.0.2

  • Oracle9i Enterprise 8.1.7

  • Oracle9i Enterprise 9.0.1

  • Oracle9i Enterprise 9.0.1.4

  • Oracle9i Enterprise 9.0.1.5

  • Oracle9i Enterprise 9.2.0

  • Oracle9i Enterprise 9.2.0.1

  • Oracle9i Enterprise 9.2.0.2

  • Oracle9i Enterprise 9.2.0.3

  • Oracle9i Enterprise 9.2.0.4

  • Oracle9i Enterprise 9.2.0.5

  • Oracle9i Personal 8.1.7

  • Oracle9i Personal 9.0.1

  • Oracle9i Personal 9.0.1.4

  • Oracle9i Personal 9.0.1.5

  • Oracle9i Personal 9.2

  • Oracle9i Personal 9.2.0.1

  • Oracle9i Personal 9.2.0.2

  • Oracle9i Personal 9.2.0.3

  • Oracle9i Personal 9.2.0.4

  • Oracle9i Personal 9.2.0.5

  • Oracle9i Standard 8.1.7

  • Oracle9i Standard 9.0

  • Oracle9i Standard 9.0.1

  • Oracle9i Standard 9.0.1.2

  • Oracle9i Standard 9.0.1.3

  • Oracle9i Standard 9.0.1.4

  • Oracle9i Standard 9.0.1.5

  • Oracle9i Standard 9.0.2

  • Oracle9i Standard 9.2

  • Oracle9i Standard 9.2.0.1

  • Oracle9i Standard 9.2.0.2

  • Oracle9i Standard 9.2.0.3

  • Oracle9i Standard 9.2.0.4

  • Oracle9i Standard 9.2.0.5


References

CERT - TA04-245A

CERT-VN - VU#435974

XF - oracle-isqlplus-file-access(18656)

BID - 10871

MISC - http://www.ngssoftware.com/advisories/oracle23122004E.txt

BUGTRAQ - 20041223 Oracle ISQLPlus file access vulnerability (#NISR2122004E)

SUNALERT - 101782


Last Updated: 27 May 2016 10:39:00