This indicates a privilege escalation vulnerability in Oracle 10g and 11g.
This vulnerability is caused by an error in KUPP$PROC and a lack of checks on the value of "_oradbg_pathname". It allows attackers with IMP_FULL_DATABASE and CREATE SESSION rights to change schemas/user to SYS and grant DBA.
System compromise: Remote attackers can gain control of vulnerable systems.
Currently we are not aware of any official fix for this issue.