[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

254492

 
 

909

 
 

198541

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-2613Date: (C)2008-07-15   (M)2023-12-22


Unspecified vulnerability in the Database Scheduler component in Oracle Database 10.2.0.4 and 11.1.0.6 has unknown impact and local attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is an untrusted search path issue that allows local users to gain privileges via a malicious (1) libclntsh.so or (2) libnnz10.so library.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.5
Exploit Score: 8.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1020499
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=727
http://www.securityfocus.com/archive/1/494544/100/0/threaded
SECUNIA-31087
SECUNIA-31113
ADV-2008-2109
ADV-2008-2115
SSRT061201
http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html

CPE    2
cpe:/a:oracle:database_server:11.1.0.6
cpe:/a:oracle:database_server:10.2.0.4

© SecPod Technologies