Vulnerability Name:

CVE-2004-0637 (CCN-17257)

Assigned:2004-09-01
Published:2004-09-01
Updated:2008-09-10
Summary:Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.
CVSS v3 Severity:5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-94
Vulnerability Consequences:Gain Privileges
References:Source: CCN
Type: BugTraq Mailing List, Thu Jul 07 2005 - 11:13:29 CDT
Problems with the Oracle Critical Patch Update for April 2005

Source: CCN
Type: Full-Disclosure Mailing List, Sun Sep 05 2004 - 15:38:48 CDT
SQL Injection via CTXSYS.DRILOAD in Oracle 8i/9i

Source: MITRE
Type: CNA
CVE-2004-0637

Source: CCN
Type: iDEFENSE Security Advisory 09.02.04
Oracle Database Server ctxsys.driload Access Validation Vulnerability

Source: CCN
Type: SA12409
Oracle Products Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
12409

Source: CCN
Type: CIAC Information Bulletin 0-209
Oracle Database Server Vulnerabilities

Source: IDEFENSE
Type: Patch, Vendor Advisory
20040902 Oracle Database Server ctxsys.driload Access Validation Vulnerability

Source: CCN
Type: US-CERT VU#170830
Oracle Enterprise Manager contains several vulnerabilities

Source: CCN
Type: US-CERT VU#316206
Oracle Database Server contains several vulnerabilities

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#316206

Source: CCN
Type: Oracle Security Alert #68
This security alert addresses security vulnerabilities in Oracle’s server products.

Source: CCN
Type: OSVDB ID: 9819
Oracle CTXSYS Package DRILOAD SQL Injection

Source: CCN
Type: OSVDB ID: 9861
Oracle SQL*Plus SYS_CONTEXT() Function Overflow

Source: CCN
Type: OSVDB ID: 9865
Oracle DRIDDLR Package SUBINDEXPOPULATE Procedure Overflow

Source: CCN
Type: OSVDB ID: 9866
Oracle SDO_ADMIN Package SDO_CODE_SIZE Procedure Overflow

Source: CCN
Type: OSVDB ID: 9868
Oracle LTUTIL Package PUSHDEFERREDTXNS Procedure Overflow

Source: CCN
Type: OSVDB ID: 9869
Oracle DBMS_REPCAT_RQ Package ADD_COLUMN Procedure Overflow

Source: CCN
Type: OSVDB ID: 9870
Oracle DBMS_REPCAT_UTL Package IS_MASTER Procedure Overflow

Source: CCN
Type: OSVDB ID: 9871
Oracle DBMS_INTERNAL_REPCAT Package Multiple Procedure Overflow

Source: CCN
Type: OSVDB ID: 9872
Oracle DBMS_DEFER_REPCAT Package ENABLE_PROPAGATION_TO_DBLINK Procedure Overflow

Source: CCN
Type: OSVDB ID: 9873
Oracle DBMS_AQADM_SYS Package VERIFY_QUEUE_TYPES Procedure Overflow

Source: CCN
Type: OSVDB ID: 9874
Oracle DBMS_RECTIFIER_DIFF Package DIFFERENCES Procedure Overflow

Source: CCN
Type: OSVDB ID: 9875
Oracle DBMS_DEFER_INTERNAL_SYS Package PARALLEL_PUSH_RECOVERY Procedure Overflow

Source: CCN
Type: OSVDB ID: 9876
Oracle DBMS_AQADM Package Multiple Procedure Overflow

Source: CCN
Type: OSVDB ID: 9877
Oracle DBMS_AQ_IMPORT_INTERNAL Package AQ_TABLE_DEFN_UPDATE Procedure Overflow

Source: CCN
Type: OSVDB ID: 9878
Oracle iSQL*Plus login.uix Multiple Parameter Overflows

Source: CCN
Type: OSVDB ID: 9879
Oracle Replication Management API Multiple Procedure Overflow

Source: CCN
Type: OSVDB ID: 9880
Oracle DBMS_REPCAT* Package fname Parameter Overflow

Source: CCN
Type: OSVDB ID: 9881
Oracle DBMS_REPCAT_RGT Package Multiple Function Overflows

Source: CCN
Type: OSVDB ID: 9882
Oracle DBMS_REPCAT_ADMIN Package Multiple Procedure Overflow

Source: CCN
Type: OSVDB ID: 9883
Oracle DBMS_REPCAT Package Multiple Parameter Overflow

Source: CCN
Type: OSVDB ID: 9884
Oracle DBMS_REPCAT_INSTANTIATE Package Multiple Function Overflow

Source: CCN
Type: OSVDB ID: 9885
Oracle DATAFILE Parameter Overflow

Source: CCN
Type: OSVDB ID: 9886
Oracle FILE Parameter Overflow

Source: CCN
Type: OSVDB ID: 9887
Oracle CONTROLFILE Parameter Overflow

Source: CCN
Type: OSVDB ID: 9888
Oracle LOGFILE Parameter Overflow

Source: CCN
Type: OSVDB ID: 9889
Oracle TEMPFILE Parameter Overflow

Source: CCN
Type: OSVDB ID: 9890
Oracle String Conversion Function Overflow

Source: CCN
Type: OSVDB ID: 9891
Oracle Interval Conversion Functions Overflow

Source: CCN
Type: OSVDB ID: 9892
Oracle CTX_OUTPUT Package Function Overflow

Source: CCN
Type: BID-10871
Oracle Multiple Unspecified Vulnerabilities

Source: BID
Type: UNKNOWN
11099

Source: CCN
Type: BID-11099
Oracle Database Server ctxsys.driload Access Validation Vulnerability

Source: XF
Type: UNKNOWN
oracle-ctxsys-gain-privileges(17257)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    oracle oracle8i enterprise_8.1.7_.4
    oracle oracle8i standard_8.1.7_.4
    oracle oracle9i enterprise_9.2.0.4
    oracle oracle9i personal_9.2.0.4
    oracle oracle9i standard_9.0.1.3
    oracle oracle9i standard_9.2.0.4
    oracle database server 8.1.7.4