ID CVE-2005-2294
Summary Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card numbers.
References
Vulnerable Configurations
  • Oracle Oracle Forms 4.5
    cpe:2.3:a:oracle:forms:4.5
  • Oracle Oracle Forms 6.0
    cpe:2.3:a:oracle:forms:6.0
  • Oracle Oracle Forms 6i
    cpe:2.3:a:oracle:forms:6i
  • Oracle Oracle Forms 9i
    cpe:2.3:a:oracle:forms:9i
CVSS
Base: 2.1 (as of 18-07-2005 - 10:52)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_118828.NASL
    description Sun Management Center 3.5.1: Solaris 8 Oracle Patch. Date this patch was last updated by Sun : Jun/02/05
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 23409
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23409
    title Solaris 8 (sparc) : 118828-04
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_118829.NASL
    description Sun Management Center 3.5.1: Solaris 9 Oracle Patch. Date this patch was last updated by Sun : Jun/02/05
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 23549
    published 2006-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23549
    title Solaris 9 (sparc) : 118829-04
refmap via4
bugtraq 20050713 Advisory: Oracle Forms Insecure Temporary File Handling
confirm http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html
misc http://www.red-database-security.com/advisory/oracle_forms_unsecure_temp_file_handling.html
secunia 15991
xf formsbuilder-temp-file-info-disclosure(21347)
Last major update 17-10-2016 - 23:26
Published 18-07-2005 - 00:00
Last modified 10-07-2017 - 21:32
Back to Top