Privilege Escalation Vulnerability in Oracle 10g DBMS_Scheduler
CVE-2005-1496

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle10g; Application Server
Vendor: CVE Published:; 11 May 2005

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2005-1496?

The DBMS_Scheduler component in Oracle 10g contains a security flaw that allows remote attackers, who possess CREATE JOB privileges, to change their session user to the SYS user. This unauthorized privilege escalation can enable attackers to perform actions beyond their intended access level, posing a significant risk to database integrity and security. Proper configuration and access controls are essential to mitigate this risk.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2005-1496 - Proof of Concept

References

http://www.red-database-security.com/exploits/oracle_expl...

x_refsource_MISC

http://marc.info/?l=bugtraq&m=111531740305049&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/13509

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 11, 2005
👾
Exploit known to exist
May 11, 2005
Vulnerability published
May 11, 2005
Vulnerability Reserved
May 11, 2005

CVE-2005-1496 Data

JSON