Vulnerability Name:

CVE-2002-0567 (CCN-8089)

Assigned:2002-02-06
Published:2002-02-06
Updated:2017-10-10
Summary:Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2002-0567

Source: BUGTRAQ
Type: UNKNOWN
20020206 Remote Compromise in Oracle 9i Database Server

Source: CCN
Type: Oracle Security Alert #29
Oracle PL/SQL EXTPROC in Oracle9i Database

Source: CONFIRM
Type: Patch, Vendor Advisory
http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf

Source: CCN
Type: CERT Advisory CA-2002-08
Multiple vulnerabilities in Oracle Servers

Source: CERT
Type: Patch, Third Party Advisory, US Government Resource
CA-2002-08

Source: CCN
Type: CIAC Information Bulletin M-047
Oracle PL/SQL EXTPROC Database Vulnerability

Source: CCN
Type: US-CERT VU#180147
Oracle 9i Database Server PL/SQL module allows remote command execution without authentication

Source: CERT-VN
Type: US Government Resource
VU#180147

Source: CCN
Type: NGSSoftware Insight Security Research Advisory #NISR06022002A
Oracle Remote Compromise

Source: CCN
Type: OSVDB ID: 5234
Oracle PL/SQL Package for External Procedures (EXTPROC) TNS Listener Authentication Bypass

Source: BID
Type: Patch, Vendor Advisory
4033

Source: CCN
Type: BID-4033
Oracle TNS Listener Arbitrary Library Call Execution Vulnerability

Source: XF
Type: UNKNOWN
oracle-plsql-remote-access(8089)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:database_server:8.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1.7.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:8.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:8.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:enterprise_8.0.5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:enterprise_8.0.6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:enterprise_8.0.6.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:enterprise_8.1.5.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:enterprise_8.1.5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:enterprise_8.1.5.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:enterprise_8.1.6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:enterprise_8.1.6.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:enterprise_8.1.7.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:enterprise_8.1.7.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:oracle:database_server:8.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.1.7.0.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    oracle database server 8.0.1
    oracle database server 8.0.2
    oracle database server 8.0.3
    oracle database server 8.0.4
    oracle database server 8.0.5
    oracle database server 8.0.5.1
    oracle database server 8.0.6
    oracle database server 8.1.5
    oracle database server 8.1.6
    oracle database server 8.1.7
    oracle database server 8.1.7.0.0
    oracle oracle8i 8.1.5
    oracle oracle8i 8.1.6
    oracle oracle8i 8.1.7
    oracle oracle8i 8.1.7.1
    oracle oracle8i enterprise_8.0.5.0.0
    oracle oracle8i enterprise_8.0.6.0.0
    oracle oracle8i enterprise_8.0.6.0.1
    oracle oracle8i enterprise_8.1.5.0.0
    oracle oracle8i enterprise_8.1.5.0.2
    oracle oracle8i enterprise_8.1.5.1.0
    oracle oracle8i enterprise_8.1.6.0.0
    oracle oracle8i enterprise_8.1.6.1.0
    oracle oracle8i enterprise_8.1.7.0.0
    oracle oracle8i enterprise_8.1.7.1.0
    oracle oracle9i 9.0
    oracle oracle9i 9.0.1
    oracle database server 8.1.5
    oracle database server 8.1.6
    oracle database server 8.1.7
    oracle database server 8.0.5
    oracle database server 8.0.6
    oracle database server 9.0.1
    oracle database server 9.0
    oracle database server 8.1.7.4
    oracle database server 8.0.1
    oracle database server 8.0.2
    oracle database server 8.0.3
    oracle database server 8.0.4
    oracle database server 8.0.5.1
    oracle database server 8.1.7.1
    oracle database server 8.1.7.0.0