vendor:
Oracle Database
by:
Joxean Koret
7.5
CVSS
HIGH
Oracle10g R1 and R2 prior to CPU Oct 2006 exploit
CWE
Product Name: Oracle Database
Affected Version From: Oracle10g R1
Affected Version To: Oracle10g R2
Patch Exists: NO
Related CWE:
CPE: a:oracle:oracle_database:10g_r1
Platforms Tested:
2007
Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006
This exploit allows an attacker with CREATE SESSION privileges to insert malicious code into the sys.sysauth$ table in Oracle10g R1 and R2 prior to CPU Oct 2006. This can lead to unauthorized access and potential compromise of the system.
Mitigation:
Apply the CPU Oct 2006 patch or upgrade to a later version that includes the fix.