Overview
A vulnerability in Oracle Database for Microsoft Windows could allow a remote attacker to log on to the system with elevated privileges.
Description
A vulnerability exists in Oracle Database's Core Relational Database Management System (RDBMS) that may allow a remote attacker to log on to the system with elevated privileges. According to NGSSoftware-OracleCPUAPR2007: Due to the way that Windows XP with Simple File Sharing enabled logs on users it is possible for an attacker to gain DBA access to the Oracle server.
Impact
A remote attacker could log on to a vulnerable system and gain elevated privileges.
Solution
Apply a patch
References
- http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html
- http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
- http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf
- http://www.ngssoftware.com/papers/database-on-xp.pdf
- http://support.microsoft.com/kb/307874
Acknowledgements
This issue is addressed in Oracle Critical Patch Update - April 2007.
This document was written by Chris Taschner.
Other Information
CVE IDs: None
Severity Metric: 8.27
Date Public: 2007-04-17
Date First Published: 2007-04-18
Date Last Updated: 2007-04-24 18:06 UTC
Document Revision: 26