Fine Grained Audit Bypass in Oracle Database 9i and 10g
CVE-2005-1495

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle10g; Oracle9i; Application Server
Vendor: CVE Published:; 11 May 2005

Summary

In Oracle Database versions 9i and 10g, the Fine Grained Audit (FGA) feature is disabled when the SYS user executes a SELECT statement on an FGA-managed object. This behavior creates a significant gap in security audits, allowing attackers to perform unauthorized actions without triggering necessary alarms. Consequently, malicious activities may go unnoticed, leading to potential data breaches.

References

http://www.securityfocus.com/bid/16258

vdb-entryx_refsource_BID

http://www.kb.cert.org/vuls/id/777773

third-party-advisoryx_refsource_CERT-VN

https://exchange.xforce.ibmcloud.com/vulnerabilities/20407

vdb-entryx_refsource_XF

Timeline

Vulnerability published
May 11, 2005
Vulnerability Reserved
May 11, 2005