Lucene search

[email protected]CVE-2004-1774

HistoryAug 31, 2004 - 4:00 a.m.

CVE-2004-1774

2004-08-3104:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

oracle

10g

buffer overflow

sdo_code_size

md2

cve-2004-1774

patch 2

7 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.

CPENameOperatorVersion
oracle:oracle10goracle oracle10geqstandard_10.1.0.2
oracle:oracle10goracle oracle10geqpersonal_10.1.0.2
oracle:oracle10goracle oracle10geqenterprise_10.1.0.2
oracle:application_serveroracle application servereq10.1.0.2

CPE	Name	Operator	Version
oracle:oracle10g	oracle oracle10g	eq	standard_10.1.0.2
oracle:oracle10g	oracle oracle10g	eq	personal_10.1.0.2
oracle:oracle10g	oracle oracle10g	eq	enterprise_10.1.0.2
oracle:application_server	oracle application server	eq	10.1.0.2

References

lists.grok.org.uk/pipermail/full-disclosure/2004-September/025984.html

www.appsecinc.com/resources/alerts/oracle/2004-0001/

www.frsirt.com/exploits/20050413.OracleExploit.sql.php

www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf

www.securiteam.com/securitynews/5CP010KE0W.html

www.securityfocus.com/bid/13145

exchange.xforce.ibmcloud.com/vulnerabilities/20078

7 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

Related for CVE-2004-1774

saint4 nessus2