The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
oracle application server 10.1.0.2 |
||
oracle application server 10.1.0.3 |
||
oracle oracle10g personal_10.1.0.3.1 |
||
oracle oracle10g standard_10.1.0.2 |
||
oracle oracle10g enterprise_10.1.0.3 |
||
oracle oracle10g enterprise_10.1.0.3.1 |
||
oracle oracle10g personal_10.1.0.2 |
||
oracle oracle10g personal_10.1.0.3 |
||
oracle application server 10.1.0.3.1 |
||
oracle oracle10g enterprise_10.1.0.2 |
||
oracle oracle10g standard_10.1.0.3 |
||
oracle oracle10g standard_10.1.0.3.1 |
Vulmon