ID CVE-2008-3982
Summary Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3983 and CVE-2008-3984.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:database_9i:9.2.0.8
    cpe:2.3:a:oracle:database_9i:9.2.0.8
  • cpe:2.3:a:oracle:database_9i:9.2.0.8dv
    cpe:2.3:a:oracle:database_9i:9.2.0.8dv
  • cpe:2.3:a:oracle:database_10g:10.1.0.5
    cpe:2.3:a:oracle:database_10g:10.1.0.5
  • cpe:2.3:a:oracle:database_10g:10.2.0.3
    cpe:2.3:a:oracle:database_10g:10.2.0.3
  • cpe:2.3:a:oracle:database_11i:11.1.0.6
    cpe:2.3:a:oracle:database_11i:11.1.0.6
CVSS
Base: 5.5 (as of 23-11-2016 - 12:47)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
metasploit via4
description This module exploits an sql injection flaw in the COMPRESSWORKSPACE procedure of the PL/SQL package SYS.LT. Any user with execute privilege on the vulnerable package can exploit this vulnerability.
id MSF:AUXILIARY/SQLI/ORACLE/LT_COMPRESSWORKSPACE
last seen 2019-03-31
modified 2017-07-24
published 2009-07-28
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/sqli/oracle/lt_compressworkspace.rb
title Oracle DB SQL Injection via SYS.LT.COMPRESSWORKSPACE
nessus via4
NASL family Databases
NASL id ORACLE_RDBMS_CPU_OCT_2008.NASL
description The remote Oracle database server is missing the October 2008 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Core RDBMS - Oracle Application Express - Oracle Data Capture - Oracle Data Mining - Oracle OLAP - Oracle Spatial - Upgrade - Workspace Manager
last seen 2019-02-21
modified 2018-11-15
plugin id 56062
published 2011-11-16
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=56062
title Oracle Database Multiple Vulnerabilities (October 2008 CPU)
refmap via4
confirm http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html
sectrack 1021050
secunia 32291
vupen ADV-2008-2825
xf oracle-database-workspace-priv-escalation1(45885)
Last major update 23-11-2016 - 13:01
Published 14-10-2008 - 17:11
Last modified 07-08-2017 - 21:32
Back to Top