Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is (C) 2004-2022 Tenable Network Security, Inc.ORACLE_CREATE_JOB_VULN.NASL
HistorySep 02, 2004 - 12:00 a.m.

Oracle Database Multiple Remote Vulnerabilities (Mar 2005)

2004-09-0200:00:00
This script is (C) 2004-2022 Tenable Network Security, Inc.
www.tenable.com
102
JSON

The remote Oracle Database, according to its version number, contains a remote command execution vulnerability that may allow an attacker who can execute SQL statements with certain privileges to execute arbitrary commands on the remote host.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

if (NASL_LEVEL < 2200) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14641);
  script_version("1.36");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2004-0637",
    "CVE-2004-0638",
    "CVE-2004-1362",
    "CVE-2004-1363",
    "CVE-2004-1364",
    "CVE-2004-1365",
    "CVE-2004-1366",
    "CVE-2004-1367",
    "CVE-2004-1368",
    "CVE-2004-1369",
    "CVE-2004-1370",
    "CVE-2004-1371"
  );
  script_bugtraq_id(
    10871,
    11091,
    11099,
    11100,
    11120
  );

  script_name(english:"Oracle Database Multiple Remote Vulnerabilities (Mar 2005)");

  script_set_attribute(attribute:"synopsis", value:
"The remote database server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Database, according to its version number, contains
a remote command execution vulnerability that may allow an attacker
who can execute SQL statements with certain privileges to execute
arbitrary commands on the remote host.");
  # http://web.archive.org/web/20041108030501/http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e1d0c17a");
  script_set_attribute(attribute:"solution", value:
"Apply vendor-supplied patches.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
  script_set_attribute(attribute:"exploithub_sku", value:"EH-10-031");
  script_cwe_id(22, 94, 119, 200, 255);

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/09/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/02");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is (C) 2004-2022 Tenable Network Security, Inc.");

  script_dependencies("oracle_tnslsnr_version.nasl");
  script_require_ports("Services/oracle_tnslsnr");

  exit(0);
}


include('global_settings.inc');

if ( report_paranoia < 1 ) exit(0);

port = get_kb_item("Services/oracle_tnslsnr");
if ( isnull(port)) exit(0);

version = get_kb_item(string("oracle_tnslsnr/",port,"/version"));
if (version)
{
  if (ereg(pattern:".*Version (8\.(0\.([0-5]\.|6\.[0-3])|1\.([0-6]\.|7\.[0-4]))|9\.(0\.(0\.|1\.[0-5]|2\.[0-3]|3\.[0-1]|4\.[0-1])|2\.0\.[0-5])|10\.(0\.|1\.0\.[0-2]))", string:version)) security_hole(port);
}
VendorProductVersionCPE
oracledatabase_servercpe:/a:oracle:database_server

Related

nessus 4
checkpoint_advisories 4
cve 12
securityvulns 2
packetstorm 1
exploitpack 2
seebug 3
exploitdb 2
nessus
nessus
Oracle Database Multiple Vulnerabilities (January 2005 CPU)
2005-01-19 00:00:00
Solaris 8 (sparc) : 118828-04
2006-11-06 00:00:00
Solaris 9 (sparc) : 118829-04
2006-11-06 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Database Server ctxsys.driload Access Validation (CVE-2004-0637)
2009-11-16 00:00:00
Oracle 10g iSQLPLus Service Heap Overflow (CVE-2004-1371)
2009-12-14 00:00:00
Oracle Database Server MD2 package VALIDATE_GEOM procedure Buffer Overflow (CVE-2004-1364)
2009-12-22 00:00:00
cve
cve
CVE-2004-1366
2004-08-04 04:00:00
CVE-2004-1363
2004-08-04 04:00:00
CVE-2004-1368
2004-08-04 04:00:00
securityvulns
securityvulns
[Full-Disclosure] iDEFENSE Security Advisory 09.02.04b: Oracle Database Server ctxsys.driload Access Validation Vulnerability
2004-09-03 00:00:00
[Full-Disclosure] iDEFENSE Security Advisory 09.02.04a: Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability
2004-09-03 00:00:00
packetstorm
packetstorm
raptor_oraextproc.sql.txt
2006-12-22 00:00:00
exploitpack
exploitpack
Oracle 9i - Multiple Vulnerabilities
2004-08-04 00:00:00
Oracle 9i10g - extproc LocalRemote Command Execution
2006-12-19 00:00:00
seebug
seebug
Oracle &lt;= 9i / 10g (extproc) Local/Remote Command Execution Exploit
2006-12-20 00:00:00
Oracle <= 9i / 10g (extproc) - Local/Remote Command Execution Exploit
2014-07-01 00:00:00
Oracle 9i Multiple Unspecified Vulnerabilities
2014-07-01 00:00:00
exploitdb
exploitdb
Oracle 9i/10g - &#039;extproc&#039; Local/Remote Command Execution
2006-12-19 00:00:00
Oracle 9i - Multiple Vulnerabilities
2004-08-04 00:00:00
JSON
Related for ORACLE_CREATE_JOB_VULN.NASL
nessus4checkpoint_advisories4cve12securityvulns2packetstorm1exploitpack2seebug3exploitdb2