Intrusion Prevention

Oracle.DBMS.Scheduler.Privilege.Escalation

Description

This indicates a possible exploit of a privilege escalation vulnerability in DBMS_Scheduler in Oracle 10g, which may allow remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.

Affected Products

Oracle Oracle10g Standard Edition 10.1.0.3.1
Oracle Oracle10g Standard Edition 10.1.0.3
Oracle Oracle10g Standard Edition 10.1.0.2
Oracle Oracle10g Personal Edition 10.1.0.3.1
Oracle Oracle10g Personal Edition 10.1.0.3
Oracle Oracle10g Personal Edition 10.1.0.2
Oracle Oracle10g Enterprise Edition 10.1.0.3.1
Oracle Oracle10g Enterprise Edition 10.1.0.3
Oracle Oracle10g Enterprise Edition 10.1.0.2
Oracle Oracle10g Application Server 10.1.0.3.1
Oracle Oracle10g Application Server 10.1.0.3
Oracle Oracle10g Application Server 10.1.0.2

Impact

Privilege escalation.

Recommended Actions

Update to 10.1.0.4
http://www.oracle.com
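
To scope exposure alongside the update, the following added example (not part of the original advisory) reports the instance version and lists the accounts that hold CREATE JOB, either directly or through a chain of roles. It assumes a session that can read V$INSTANCE, DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_USERS.

```sql
-- Added example, not from the advisory.
-- Assumption: run as a user with SELECT on the DBA_* views and V$INSTANCE.

-- 1. Instance version. The advisory's recommended level is 10.1.0.4;
--    anything lower in the 10.1.0.x line is in the affected list.
SELECT instance_name, version
FROM   v$instance;

-- 2. Accounts that can reach the precondition named in the advisory
--    (the CREATE JOB system privilege).
--    PUBLIC is reported explicitly: a grant to PUBLIC means every
--    database account holds the privilege.
SELECT sp.grantee AS account,
       'DIRECT'   AS held_via
FROM   dba_sys_privs sp
WHERE  sp.privilege = 'CREATE JOB'
AND   (sp.grantee = 'PUBLIC'
       OR sp.grantee IN (SELECT username FROM dba_users))
UNION
-- Walk role grants upward from every role that carries CREATE JOB,
-- so nested roles (role granted to role granted to user) are included.
SELECT h.grantee  AS account,
       'ROLE'     AS held_via
FROM  (SELECT rp.grantee
       FROM   dba_role_privs rp
       START WITH rp.granted_role IN
                  (SELECT grantee
                   FROM   dba_sys_privs
                   WHERE  privilege = 'CREATE JOB')
       CONNECT BY PRIOR rp.grantee = rp.granted_role) h
WHERE  h.grantee = 'PUBLIC'
   OR  h.grantee IN (SELECT username FROM dba_users)
ORDER  BY account, held_via;

-- 3. Revoke from an account that does not need to schedule jobs.
--    APP_USER is a placeholder name, not taken from the advisory.
-- REVOKE CREATE JOB FROM app_user;
```

Until the instance is at the recommended level, each account returned by the second query should be reviewed, and the grant removed where job scheduling is not required.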

CVE References

CVE-2005-1496