Back to search
CVE-2004-1338
Published: Jan 6, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20041223 Oracle Trigger Abuse (#NISR2122004I)
mailing-list
x_refsource_BUGTRAQ
http://www.ngssoftware.com/advisories/oracle23122004I.txt
x_refsource_MISC
oracle-triggers-gain-privileges(18655)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now