iDefense Security Advisory 01.12.09 - Local exploitation of an arbitrary file rewrite vulnerability in Oracle Corp.'s Oracle Database 10g Release 2 database product allows attackers to gain elevated privileges. The vulnerability exists in a function that allows a user with an authenticated session to create any file or rewrite any files to which the database account has access. iDefense has confirmed the existence of this vulnerability in Oracle Database 10g Release 2 version 10.2.0.3.0 on 32-bit Linux platform and Windows platform. Previous versions may also be affected. Oracle Database 11g Release 1 version 11.1.0.6.0 is not affected by this vulnerability.
610c95b870b142b03e112907707ba9657094278aaa69f7396c8de41722da6c51
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed