Intrusion Prevention

Oracle.DBMS.Login.Trigger.AUTH_ALTER_SESSION.Bypass

Description

This indicates an attack attempt against an access control bypass vulnerability in Oracle Database.
This vulnerability is due to the software's inability to properly handle a logon trigger. A remote attacker could exploit this to bypass the AUTH_ALTER_SESSION security policies.

Affected Products

Oracle Enterprise Search version 10.1.0.5 and 10.2.0.3

Impact

System compromise

Recommended Actions

Apply the patch, available from the following web site:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html

CVE References

CVE-2006-0547 CVE-2007-2112

Other References

Bypass Oracle Logon Trigger