DB: Oracle 10g DBMS_EXPORT_EXTENSION Privilege Escalation
This signature detects attempts to exploit a known flaw in Oracle. Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. This can result in privilege escalation.
Extended Description
Oracle 10g is prone to an SQL-injection vulnerability. An attacker could exploit this to gain DBA privileges. This vulnerability was initially thought to have been fixed as part of the Oracle April 2006 Security Update (BID 17590), but this issue reportedly wasn't patched. Further information indicates that this issue also affects the 'GET_DOMAIN_INDEX_TABLES' and "GET_V2_DOMAIN_INDEX_TABLES' functions.
Affected Products
Oracle oracle10g_standard_edition
Short Name
DB:ORACLE:DBMS:EXPORT-EXTENSION
Severity
Major
Recommended
False
Recommended Action
None
Category
DB
Keywords
10g CVE-2006-2081 CVE-2006-3702 DBMS_EXPORT_EXTENSION Escalation Oracle Privilege bid:17699
Release Date
11/12/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Oracle
CVSS Score
4.6
10.0