DB: Oracle Database DBMS_JVM_EXP_PERMS System Command Execution
This signature detects attempts to exploit a known flaw in Oracle. A privilege escalation vulnerability exists in Oracle Database server that can allow users with limited privileges to execute arbitrary operating system commands on a target server.
Extended Description
Oracle Database is prone to multiple remote privilege-escalation issues because it fails to properly restrict access to certain packages. The attacker can exploit these issues to escalate their privileges to DBA or execute arbitrary operating system commands with SYSTEM privileges, leading to a complete compromise of an affected computer. These vulnerabilities affect Oracle Database 11gR2. One of the issues also affects Oracle Database 10gR2.
Affected Products
Oracle oracle10g_standard_edition
Short Name
DB:ORACLE:DBMS:JVM-SYS-CMD
Severity
Major
Recommended
False
Recommended Action
Drop
Category
DB
Keywords
CVE-2010-0866 Command DBMS_JVM_EXP_PERMS Database Execution Oracle System bid:38115
Release Date
04/17/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Oracle
CVSS Score
6.5