1. CVE-Search
  2. CVE-2002-0567
ID CVE-2002-0567
Summary Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:database_server:8.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.0.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:database_server:8.1.7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:8.1.7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle8i:8.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle8i:8.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle8i:8.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle8i:8.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 10-10-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 4033
bugtraq 20020206 Remote Compromise in Oracle 9i Database Server
cert CA-2002-08
cert-vn VU#180147
confirm http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf
xf oracle-plsql-remote-access(8089)
Last major update 10-10-2017 - 01:30
Published 03-07-2002 - 04:00
Last modified 10-10-2017 - 01:30
Back to Top