Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the password directory, and then overwriting the password file through UTL_FILE operations, a related issue to CVE-2006-7141.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
oracle database_server 权限许可和访问控制漏洞
Vulnerability Description
Oracle数据库是甲骨文公司开发一款关系型数据库产品。 Oracle Database Server 10.1,10.2和11g版本为在一个"创建或替代目录"陈述中有别名的任意路径名准予"写目录"许可,这使得拥有创建任意目录特权的远程认证用户可以先对密码目录的路径名进行化名,然后再通过UTL_FILE操作重写密码文件,从而获得SYSDBA特权。该漏洞与 CVE-2006-7141有关。
CVSS Information
N/A
Vulnerability Type
N/A