CVE-2004-1338

Published Dec 23, 2004

Last updated 7 years ago

CVSS info 6.5

Overview

Description: The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:database_server:10.2.1:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABF498E5-F7DF-41F4-BC47-AB66E69BC89F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248"
          },
          {
            "criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F012561-EA9E-4665-AD81-0AC7655BA22A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEF5BE7D-BB10-43E5-8910-626CB6032D64"
          },
          {
            "criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DA959EE-44EE-4B81-B7D3-E1C4B9B29FAD"
          },
          {
            "criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024"
          },
          {
            "criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED7598BA-C4F9-46C7-A90D-F80697EA9E4A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D52D7F1A-7ADF-439B-9FF6-BF0D18CEF3A5"
          },
          {
            "criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBAA75E1-6ED1-400E-9BBE-1890D7D0FA28"
          },
          {
            "criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D24685E-293E-4292-A7FC-E463723FFA9D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A1207BD-F50A-4E5E-89E8-E016AF356149"
          },
          {
            "criteria": "cpe:2.3:a:oracle:oracle9i:9.2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79C42FED-8E75-4AAD-9870-CD16508DDF86"
          },
          {
            "criteria": "cpe:2.3:a:oracle:oracle9i:9.2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34E38EFA-AEFB-4B9E-913C-FFE3C2DABFC7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References