Oracle 10g DBMS_Scheduler Privilege Escalation Vulnerability
BID:13509
Info
| Bugtraq ID: | 13509 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 05 2005 12:00AM |
| Updated: | May 05 2005 12:00AM |
| Credit: | Red-Database-Security GmbH is credited with the discovery of this vulnerability. |
| Vulnerable: | Oracle Oracle10g Standard Edition 10.1.0.3.1, 10.1.0.3, 10.1.0.2; Oracle Oracle10g Personal Edition 10.1.0.3.1, 10.1.0.3, 10.1.0.2; Oracle Oracle10g Enterprise Edition 10.1.0.3.1, 10.1.0.3, 10.1.0.2; Oracle Oracle10g Application Server 10.1.0.3.1, 10.1.0.3, 10.1.0.2 |
| Not Vulnerable: | Oracle Oracle10g Standard Edition 10.1.0.4; Oracle Oracle10g Personal Edition 10.1.0.4; Oracle Oracle10g Enterprise Edition 10.1.0.4; Oracle Oracle10g Application Server 10.1.0.4 |
Discussion
Oracle database is prone to a privilege escalation vulnerability. A user holding the 'create job' privilege can cause a scheduler job to run with 'session_user' set to 'SYS', gaining the privileges of that account. This facilitates privilege escalation.
This issue is reported to be addressed in the 10.0.1.14 patch set for Oracle.
Exploit / POC
An exploit is not required.
The following proof of concept exploit is available:
http://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.html
Solution / Fix
Solution:
This issue has reportedly been addressed in the 10.0.1.4 patch set for Oracle.
References
References:
- DBMS_SCHEDULER SESSION_USER issue in Oracle 10g (Red-Database-Security GmbH)
- Oracle Homepage (Oracle)