Info

Disclosure

Sep 09, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Oracle contains a flaw related to the scheduler functionality that may allow an attacker to gain DBA rights or gain remote operating system access. This flaw requires an authenticated user with the CREATE JOB system privilege. No further details have been provided.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Authentication Required

Solution

Upgrade to version R1 10.1.0.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Oracle Corporation

Database 10g

R1 10.1.0.2

References

CVE ID: 2005-1496 (see also: NVD)
Vendor URL: http://www.oracle.com/
Vendor Specific Advisory URL: http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
Other Advisory URL: http://www.petefinnigan.com/dbms_scheduler.pdf

Credit

Pete Finnigan -

Direct URL: http://osvdb.org/9857