TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilites

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory October 20, 2011 Risk Level: Medium Affected versions: Oracle Database Server version 10gR2, 11gR1 and 11gR2 Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of...

CVE-2011-3511

Oracle Database Vault (Database Vault component) on 10gR2/11gR1/11gR2 is affected by CVE-2011-3511, where users with DV_ACCTMGR or SYSDBA can bypass protections and execute OCIPasswordChange to change any user’s password. Root cause relates to privileged account handling; advisory TeamSHATTER not...