4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
0.011 Low
EPSS
Percentile
82.7%
Added: 02/06/2009
CVE: CVE-2008-3974
BID: 33177
OSVDB: 51347
The Online Analytical Processing (OLAP) component of Oracle Database is a set of stored procedures used for multi-dimensional analytical queries.
A buffer overflow vulnerability in the ODCITABLESTART function allows command execution using a specially crafted SQL query.
Apply the Oracle Critical Patch Update for January 2009.
<http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html>
Exploit works on Oracle Database 9i 9.0.2.1.
This exploit requires the login and password of a database account with EXECUTION privilege on the SYS.OLAPIMPL_T package. The default “scott” user has sufficient privilege.
Windows