CVE-2004-1338 in Oracle9iinfo

Summary

The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

01/06/2005

Disclosure

12/23/2004

Moderation

VulDB entry created

Entries

VDB-22600 (1)

CPE

ready

CWE

CWE-264 (Confirmed)

CVSS

6.3

EPSS

0.00303

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2004-1338
NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1338
CVE Details	https://www.cvedetails.com/cve/CVE-2004-1338/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!