CVE-2008-2613 - Unspecified vulnerability in the Database Scheduler component in Oracle Database 10.2.0.4 and 11.1.0

CVE-2008-2613

Summary

Unspecified vulnerability in the Database Scheduler component in Oracle Database 10.2.0.4 and 11.1.0.6 has unknown impact and local attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is an untrusted search path issue that allows local users to gain privileges via a malicious (1) libclntsh.so or (2) libnnz10.so library.

References

Vulnerable Configurations

cpe:2.3:a:oracle:database_scheduler:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_scheduler:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:10.2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:11.1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:11.1.0.6:*:*:*:*:*:*:*

CVSS

Base:	6.5 (as of 11-10-2018 - 20:41)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

refmap via4

bugtraq	20080719 Oracle Database Local Untrusted Library Path Vulnerability
confirm	http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html
hp	HPSBMA02133 SSRT061201
idefense	20080715 Oracle Database Local Untrusted Library Path Vulnerability
sectrack	1020499
secunia	31087 31113
vupen	ADV-2008-2109 ADV-2008-2115

Last major update

11-10-2018 - 20:41

Published

15-07-2008 - 23:41

Last modified

11-10-2018 - 20:41