virus logo Intrusion Prevention

Oracle.KUPP.PROC.And.Oradbg.Pathname.Privilege.Escalation

description-logoDescription

This indicates a privilege escalation vulnerability in Oracle 10g and 11g.
This vulnerability is caused by an error in KUPP$PROC and a lack of checks on the value of "_oradbg_pathname". It allows attackers with IMP_FULL_DATABASE and CREATE SESSION rights to change schemas/user to SYS and grant DBA.

affected-products-logoAffected Products

Oracle 10.2.0.2
Oracle 11.1.0.6

Impact logoImpact

System compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are not aware of any official fix for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://www.petefinnigan.com/weblog/archives/00001126.htm
ID 15151
Created Nov 14, 2007
Updated Jan 13, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID
Default Action pass
Active
Affected OS Windows, Linux, Solaris
Affected App Oracle