Vulnerability Name: | CVE-2005-1496 (CCN-20410)
Assigned: | 2005-05-05
Published: | 2005-05-05
Updated: | 2017-07-11
Summary: | The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user. Applying patchset 10.1.0.4 fixes this issue.
CVSS v3 Severity: | 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Privileges
References: |
Source: MITRE Type: CNA CVE-2005-1496
Source: BUGTRAQ Type: UNKNOWN 20050505 Oracle 10g DBMS_SCHEDULER SESSION_USER issue
Source: CCN Type: Oracle Database Documentation Library Oracle Database Online Documentation 10g Release 1 (10.1)
Source: CCN Type: Oracle Database Web page Oracle Database
Source: CCN Type: Oracle Database Server Patch Sets Web page Oracle Database Server Patch Sets
Source: CCN Type: Red Database Security VU#176909 DBMS_SCHEDULER SESSION_USER issue in Oracle 10g
Source: MISC Type: Exploit, Patch http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html
Source: BID Type: Exploit, Vendor Advisory 13509
Source: CCN Type: BID-13509 Oracle 10g DBMS_Scheduler Privilege Escalation Vulnerability
Source: XF Type: UNKNOWN oracle10g-gain-privileges(20410)
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: