Vulnerabilities > CVE-2010-0870 - Unspecified vulnerability in Oracle Database Server 9.2.0.8/9.2.0.8Dv
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN oracle
metasploit
Summary
Unspecified vulnerability in the Change Data Capture component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_PUBLISH.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Metasploit
| description | The module exploits an sql injection flaw in the DROP_CHANGE_SOURCE procedure of the PL/SQL package DBMS_CDC_PUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTE_CATALOG_ROLE have the required privilege. |
| id | MSF:AUXILIARY/SQLI/ORACLE/DBMS_CDC_PUBLISH2 |
| last seen | 2020-06-14 |
| modified | 1976-01-01 |
| published | 1976-01-01 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/sqli/oracle/dbms_cdc_publish2.rb |
| title | Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE |
References
- http://secunia.com/advisories/39438
- http://secunia.com/advisories/39438
- http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html
- http://www.us-cert.gov/cas/techalerts/TA10-103B.html
- http://www.us-cert.gov/cas/techalerts/TA10-103B.html