CVE-2004-1366

Sažetak

Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.

Reference

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1
http://www.kb.cert.org/vuls/id/316206
http://www.ngssoftware.com/advisories/oracle23122004D.txt
http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
http://www.securityfocus.com/archive/1/385323
http://www.securityfocus.com/bid/10871
http://www.us-cert.gov/cas/techalerts/TA04-245A.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18661

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-07-2017 - 01:30

Objavljeno

04-08-2004 - 04:00