CVE-2008-3996

Published: 14/10/2008 Updated: 08/08/2017
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
VMScore: 590
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Summary

Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_IPUBLISH.

Vulnerable Products

oracle database 10g 10.1.0.5

oracle database 10g 10.2.0.4

oracle database 11i 11.1.0.6

Metasploit Modules

Oracle DB SQL Injection via SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE

The module exploits a SQL injection flaw in the ALTER_HOTLOG_INTERNAL_CSOURCE procedure of the PL/SQL package DBMS_CDC_IPUBLISH. Any user with the EXECUTE privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. Affected versions: Oracle Database Server 10gR1, 10gR2 and 11gR1. Fixed with the October 2008 CPU.

msf > use auxiliary/sqli/oracle/dbms_cdc_ipublish
msf auxiliary(dbms_cdc_ipublish) > show actions
    ...actions...
msf auxiliary(dbms_cdc_ipublish) > set ACTION <action-name>
msf auxiliary(dbms_cdc_ipublish) > show options
    ...show and set options...
msf auxiliary(dbms_cdc_ipublish) > run
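
Because the precondition described above is EXECUTE on SYS.DBMS_CDC_IPUBLISH, usually inherited through EXECUTE_CATALOG_ROLE, a defender can enumerate which accounts hold it. The queries below are an added example, not part of the original page or of the Metasploit module; they assume a session that can read the DBA_TAB_PRIVS, DBA_ROLE_PRIVS and DBA_USERS dictionary views.

```sql
-- 1. Direct grants of EXECUTE on the package.
--    The grantee may be a user, a role, or PUBLIC.
SELECT grantee, privilege, grantable
FROM   dba_tab_privs
WHERE  owner      = 'SYS'
AND    table_name = 'DBMS_CDC_IPUBLISH'
AND    privilege  = 'EXECUTE'
ORDER  BY grantee;

-- 2. Database users who inherit that privilege through a role,
--    including roles nested inside other roles. The walk starts at
--    every role that holds the grant directly (EXECUTE_CATALOG_ROLE
--    by default, per the module description) and follows role
--    membership downwards until it reaches user accounts.
WITH pkg_grantees AS (
  SELECT grantee
  FROM   dba_tab_privs
  WHERE  owner      = 'SYS'
  AND    table_name = 'DBMS_CDC_IPUBLISH'
  AND    privilege  = 'EXECUTE'
)
SELECT DISTINCT
       rp.grantee                       AS username,
       CONNECT_BY_ROOT rp.granted_role  AS privileged_role
FROM   dba_role_privs rp
WHERE  rp.grantee IN (SELECT username FROM dba_users)
START  WITH rp.granted_role IN (SELECT grantee FROM pkg_grantees)
CONNECT BY NOCYCLE PRIOR rp.grantee = rp.granted_role
ORDER  BY username, privileged_role;
```

Accounts returned by either query that have no need for the package are candidates for having the role or grant reviewed, in addition to applying the October 2008 CPU named above.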