CVE-2008-6065

Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the password directory, and then overwriting the password file through UTL_FILE operations, a related issue to CVE-2006-7141.

Published : 2009-02-05 02:30 Updated : 2018-10-30 16:25

5.1
CVSS Score More info
Score 5.1 / 10
5.1
Vendor Product Version URI
Oracle Database Server 10.1 cpe:/a:oracle:database_server:10.1
Oracle Database Server 10.2 cpe:/a:oracle:database_server:10.2
Oracle Database Server 11 cpe:/a:oracle:database_server:11
  1. Oracle (1) Search CVE
    1. Database Server (3) Search CVE
      1. 10.1
      2. 10.2
      3. 11

CWE

ID Name Description Links
CWE-264 Permissions, Privileges, and Access Controls Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control. CVE

History of changes

Date Event
2018-10-30 16:25
2018-10-11 20:56
2017-08-08 06:00
2009-02-05 02:30

New CVE