CVE-2008-6065
Oracle Database Server 11.1 - 'CREATE ANY Directory' Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the password directory, and then overwriting the password file through UTL_FILE operations, a related issue to CVE-2006-7141.
Oracle Database Server v10.1, v10.2, y 11g concede permisos WRITE al directorio para rutas arbitrarias que están relacionadas con un estado CREATE OR REPLACE DIRECTORY, lo cual permite a usuarios autenticados con privilegios CREATE ANY DIRECTORY conseguir privilegios SYSDBA enlazando la ruta del directorio contraseña, y entonces sobre escribir el fichero contraseña a través de operaciones UTL_FILE, una cuestión relacionada con CVE-2006-7141.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-10-13 First Exploit
- 2009-02-04 CVE Reserved
- 2009-02-05 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (6)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/32475 | 2008-10-13 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 10.1 Search vendor "Oracle" for product "Database Server" and version "10.1" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 10.2 Search vendor "Oracle" for product "Database Server" and version "10.2" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Database Server Search vendor "Oracle" for product "Database Server" | 11 Search vendor "Oracle" for product "Database Server" and version "11" | - |
Affected
|