ID CVE-2005-1495
Summary Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection. Applying patchset 10.1.0.4 is fixing this issue for Oracle 10g. Oracle 9i is still vulnerable.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:application_server:10.1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_server:10.1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_server:10.1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_server:10.1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_server:10.1.0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_server:10.1.0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle10g:personal_10.1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle10g:personal_10.1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle10g:standard_10.1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle10g:standard_10.1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle9i:9.0.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle9i:9.0.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle9i:9.2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle9i:9.2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle9i:9.2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle9i:9.2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle9i:release_2_9.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle9i:release_2_9.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oracle9i:release_2_9.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:oracle9i:release_2_9.2.2:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 16258
bugtraq 20050505 Oracle 9i / 10g Fine Grained Auditing Issue
cert-vn VU#777773
misc http://www.red-database-security.com/advisory/oracle-fine-grained-auditing-issue.html
xf oracle-audit-data-manipulation(20407)
Last major update 11-07-2017 - 01:32
Published 11-05-2005 - 04:00
Back to Top