CVE-2004-1364

Published: 04/08/2004 Updated: 19/10/2018
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
VMScore: 860
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote malicious users to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.

Vulnerable Product

oracle application server 9.0.2.0.1

oracle application server 9.0.2.1

oracle collaboration suite release_1

oracle application server

oracle application server 9.0.3

oracle application server 9.0.3.1

oracle application server 9.0.4

oracle e-business suite 11.5.4

oracle e-business suite 11.5.5

oracle enterprise manager database control 10.1.2

oracle enterprise manager grid control 10.1.0.2

oracle oracle8i enterprise_8.0.6_.0.0

oracle oracle8i enterprise_8.0.6_.0.1

oracle oracle8i enterprise_8.1.7_.1.0

oracle oracle8i enterprise_8.1.7_.4

oracle oracle8i standard_8.1.7_.1

oracle oracle8i standard_8.1.7_.4

oracle oracle9i enterprise_9.2.0.1

oracle oracle9i enterprise_9.2.0.2

oracle oracle9i personal_9.0.1.5

oracle oracle9i personal_9.2

oracle oracle9i standard_9.0

oracle oracle9i standard_9.0.1

oracle oracle9i standard_9.2.0.2

oracle oracle9i standard_9.2.0.3

oracle application server 9.0.2

oracle application server 9.0.2.0.0

oracle application server 9.0.4.0

oracle application server 9.0.4.1

oracle e-business suite 11.5.6

oracle e-business suite 11.5.7

oracle oracle10g enterprise_10.1.0.2

oracle oracle10g enterprise_9.0.4_.0

oracle oracle8i enterprise_8.1.5_.0.0

oracle oracle8i enterprise_8.1.5_.0.2

oracle oracle8i standard_8.0.6

oracle oracle8i standard_8.0.6_.3

oracle oracle9i client_9.2.0.1

oracle oracle9i client_9.2.0.2

oracle oracle9i enterprise_9.2.0.3

oracle oracle9i enterprise_9.2.0.4

oracle oracle9i personal_9.2.0.1

oracle oracle9i personal_9.2.0.2

oracle oracle9i standard_9.0.1.2

oracle oracle9i standard_9.0.1.3

oracle oracle9i standard_9.2.0.4

oracle oracle9i standard_9.2.0.5

oracle e-business suite 11.5.1

oracle e-business suite 11.5.8

oracle e-business suite 11.5.9

oracle oracle10g personal_10.1_.0.2

oracle oracle10g personal_9.0.4_.0

oracle oracle8i enterprise_8.1.5_.1.0

oracle oracle8i enterprise_8.1.6_.0.0

oracle oracle8i standard_8.1.5

oracle oracle8i standard_8.1.6

oracle oracle9i enterprise_8.1.7

oracle oracle9i enterprise_9.0.1

oracle oracle9i enterprise_9.0.1.4

oracle oracle9i enterprise_9.2.0.5

oracle oracle9i personal_8.1.7

oracle oracle9i personal_9.2.0.3

oracle oracle9i personal_9.2.0.4

oracle oracle9i standard_9.0.1.4

oracle oracle9i standard_9.0.1.5

oracle oracle9i standard_9.0.2

oracle application server 9.0.2.2

oracle application server 9.0.2.3

oracle e-business suite 11.5.2

oracle e-business suite 11.5.3

oracle enterprise manager 9

oracle enterprise manager 9.0.1

oracle oracle10g standard_10.1_.0.2

oracle oracle10g standard_9.0.4_.0

oracle oracle8i enterprise_8.0.5_.0.0

oracle oracle8i enterprise_8.1.6_.1.0

oracle oracle8i enterprise_8.1.7_.0.0

oracle oracle8i standard_8.1.7

oracle oracle8i standard_8.1.7_.0.0

oracle oracle9i enterprise_9.0.1.5

oracle oracle9i enterprise_9.2.0

oracle oracle9i personal_9.0.1

oracle oracle9i personal_9.0.1.4

oracle oracle9i personal_9.2.0.5

oracle oracle9i standard_8.1.7

oracle oracle9i standard_9.2

oracle oracle9i standard_9.2.0.1

Exploits

This PL/SQL code exploits the Oracle extproc directory traversal bug to remotely execute arbitrary OS commands with the privileges of the DBMS user. All versions of Oracle 9i are susceptible. Oracle 10g versions prior to 10103 are susceptible ...
source: www.securityfocus.com/bid/10871/info Reportedly, multiple unspecified Oracle products contain multiple unspecified vulnerabilities. The reported vulnerabilities include SQL-injection issues, buffer-overflow issues, and others. There have also been reports that issues covered in this BID and resolved in the referenced Oracle patc ...
-- -- $Id: raptor_oraextprocsql,v 11 2006/12/19 14:21:00 raptor Exp $ -- -- raptor_oraextprocsql - command exec via oracle extproc -- Copyright (c) 2006 Marco Ivaldi <raptor@0xdeadbeefinfo> -- -- Directory traversal vulnerability in extproc in Oracle 9i and 10g -- allows remote attackers to access arbitrary libraries outside of the -- $ ...