CVE-2008-2613

Severity

65%

Complexity

80%

Confidentiality

106%

Unspecified vulnerability in the Database Scheduler component in Oracle Database 10.2.0.4 and 11.1.0.6 has unknown impact and local attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is an untrusted search path issue that allows local users to gain privileges via a malicious (1) libclntsh.so or (2) libnnz10.so library.

Unspecified vulnerability in the Database Scheduler component in Oracle Database 10.2.0.4 and 11.1.0.6 has unknown impact and local attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is an untrusted search path issue that allows local users to gain privileges via a malicious (1) libclntsh.so or (2) libnnz10.so library.

CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Overview

Type

Oracle Database Server

First reported 16 years ago

2008-07-15 23:41:00

Last updated 6 years ago

2018-10-11 20:41:00

Affected Software

オラクル データベースサーバ 10g 10.2.0.4

10.2.0.4

Oracle Database Server 11g 11.1.0.6

11.1.0.6

References

SSRT061201

20080715 Oracle Database Local Untrusted Library Path Vulnerability

31087

Vendor Advisory

31113

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html

20080719 Oracle Database Local Untrusted Library Path Vulnerability

1020499

ADV-2008-2109

Vendor Advisory

ADV-2008-2115

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.