Oracle Security Alert #68

Nessus Network Monitor Plugin ID 2277 (Severity: High)

Synopsis

The remote host appears to be running a vulnerable version of Oracle Database Server.

Description

The remote host appears to be running a vulnerable version of Oracle Database Server. It is reported that Oracle Database Server versions 8.1.7, 9.0.1.4, 9.0.1.5, 9.0.4, 9.2.0.4, 9.2.0.5 and 10.1.0.2 are prone to multiple vulnerabilities, including buffer overflow issues, PL/SQL injection, trigger abuse, character set conversion bugs and denial of service issues. An attacker may exploit these vulnerabilities to deny service to legitimate users or to execute arbitrary code on the remote server.

Solution

Download and install the relevant patch from Oracle.

See Also

http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf

Plugin Details

Severity: High

ID: 2277

Family: Database

Published: 2004/09/13

Modified: 2016/01/21

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:U/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.7

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:U/RC:C

Exploitable With

Core Impact

Reference Information

CVE: CVE-2004-1362, CVE-2004-1363, CVE-2004-1364, CVE-2004-1365, CVE-2004-1366, CVE-2004-1368, CVE-2004-1369, CVE-2004-1370, CVE-2004-1371, CVE-2004-0637, CVE-2004-0638

BID: 11120, 11100, 11091, 10871, 11099