Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Oracle Trigger权限提升漏洞
Vulnerability Description
Oracle Database是一款商业性质大型数据库系统。 Database triggers控制限制实现不正确,远程攻击者可以利用这个漏洞提升特权。 Trigger一般以definer/owner特权执行,trigger SDO_CMT_CBK_TRIG属于MDSYS,当对SDO_TXN_IDX_INSERTS表进行DELETE操作时触发,PUBLIC在这个表上拥有SELECT, INSERT, UPDATE和DELETE对象的特权,因此任何人可以通过从表中删除一行导致SDO_CMT_CBK_TRIG
CVSS Information
N/A
Vulnerability Type
N/A