Oracle.KUPP.PROC.And.Oradbg.Pathname.Privilege.Escalation
Description
This indicates a privilege escalation vulnerability in Oracle 10g and 11g.
This vulnerability is caused by an error in KUPP$PROC and a lack of checks on the value of "_oradbg_pathname". It allows attackers with IMP_FULL_DATABASE and CREATE SESSION rights to change schemas/user to SYS and grant DBA.
Affected Products
Oracle 10.2.0.2
Oracle 11.1.0.6
Impact
System compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Currently we are not aware of any official fix for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |