// For flags

CVE-2008-6065

Oracle Database Server 11.1 - 'CREATE ANY Directory' Privilege Escalation

Severity Score

5.1
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the password directory, and then overwriting the password file through UTL_FILE operations, a related issue to CVE-2006-7141.

Oracle Database Server v10.1, v10.2, y 11g concede permisos WRITE al directorio para rutas arbitrarias que están relacionadas con un estado CREATE OR REPLACE DIRECTORY, lo cual permite a usuarios autenticados con privilegios CREATE ANY DIRECTORY conseguir privilegios SYSDBA enlazando la ruta del directorio contraseña, y entonces sobre escribir el fichero contraseña a través de operaciones UTL_FILE, una cuestión relacionada con CVE-2006-7141.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-10-13 First Exploit
  • 2009-02-04 CVE Reserved
  • 2009-02-05 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-09-21 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Oracle
Search vendor "Oracle"
Database Server
Search vendor "Oracle" for product "Database Server"
10.1
Search vendor "Oracle" for product "Database Server" and version "10.1"
-
Affected
Oracle
Search vendor "Oracle"
Database Server
Search vendor "Oracle" for product "Database Server"
10.2
Search vendor "Oracle" for product "Database Server" and version "10.2"
-
Affected
Oracle
Search vendor "Oracle"
Database Server
Search vendor "Oracle" for product "Database Server"
11
Search vendor "Oracle" for product "Database Server" and version "11"
-
Affected