CVE-2005-1496

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle10g; Application Server
Vendor: CVE Published:; 11 May 2005

Summary

The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.

References

http://www.red-database-security.com/exploits/oracle_expl...

x_refsource_MISC

http://marc.info/?l=bugtraq&m=111531740305049&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/13509

vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 11, 2005
Vulnerability Reserved
May 11, 2005