Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2613

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2008-2613
Last Modified 22 Oct 2012 10:48:44
Published 15 Jul 2008 07:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-2613

Summary

Unspecified vulnerability in the Database Scheduler component in Oracle Database 10.2.0.4 and 11.1.0.6 has unknown impact and local attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is an untrusted search path issue that allows local users to gain privileges via a malicious (1) libclntsh.so or (2) libnnz10.so library.

Vulnerable Systems

Application

  • Oracle Database Scheduler

  • Oracle Database Server 10.2.0.4

  • Oracle Database Server 11.1.0.6


References

VUPEN - ADV-2008-2115

VUPEN - ADV-2008-2109

SECTRACK - 1020499

BUGTRAQ - 20080719 Oracle Database Local Untrusted Library Path Vulnerability

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html

SECUNIA - 31113

SECUNIA - 31087

IDEFENSE - 20080715 Oracle Database Local Untrusted Library Path Vulnerability

HP - HPSBMA02133

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html

HP - SSRT061201


Last Updated: 27 May 2016 11:01:04