漏洞标题
N/A
漏洞描述信息
Oracle数据库8i、9i和10g 允许远程登录的用户在SYS用户上下文中执行任意的SQL语句,并绕过审计日志,包括创建新特权数据库账户的语句。注意:由于Oracle建议中缺乏相关细节,正在创建单独的CVE,因为无法明确证明这是Oracle已经解决了这个问题。有可能这是Oracle从2006年1月CPU中提出的Oracle漏洞DB18,如果是这样,它将被合并到CVE-2006-0265中。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTH_ALTER_SESSION attribute in the authentication phase of the Transparent Network Substrate (TNS) protocol. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB18 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0265.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Oracle Database AUTH_ALTER_SESSION属性安全绕过和任意SQL语句执行漏洞
漏洞描述信息
Oracle Database 8i、9i 和 10g 使得远程认证用户可以借助AUTH_ALTER_SESSION属性(已在透明网络底层(TNS)协议身份验证阶段经过修改)在使用SYS用户以及绕过审核记录的情况下执行任意SQL语句(包括新建授权数据库帐号的语句)。
CVSS信息
N/A
漏洞类别
授权问题