Local Command Execution Vulnerability in Oracle Database Server
CVE-2004-0637

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle8i; Oracle9i
Vendor: CVE Published:; 2 September 2004

Summary

The Oracle Database Server versions 8.1.7.4 to 9.2.0.4 contain a vulnerability in the ctxsys.driload package that allows local users to execute commands with elevated privileges. This security flaw arises because the ctxsys.driload package is publicly accessible, which could be exploited to gain unauthorized access to sensitive system functionalities.

References

http://www.securityfocus.com/bid/11099

vdb-entryx_refsource_BID

http://www.idefense.com/application/poi/display?id=136&ty...

third-party-advisoryx_refsource_IDEFENSE

http://www.kb.cert.org/vuls/id/316206

third-party-advisoryx_refsource_CERT-VN

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 2, 2004
Vulnerability Reserved
Jul 7, 2004