Vulnerabilities > CVE-2007-1442 - Insecure Permissions vulnerability in Oracle Database Server 10.2.1/10.2.2/10.2.3

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
oracle

Summary

Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.

Vulnerable Configurations

Part Description Count
Application
Oracle
9