Release Date | May 22, 2009 |
Severity | medium |
Impact | Privilege Escalation: Remote attackers can elevate their privileges on vulnerable systems. |
Description | This indicates an exploit attempt against the SQL injection vulnerability in the Oracle database system. The vulnerability lies in the SYS.LT.ROLLBACKWORKSPACE procedure of the Oracle database. Specially crafted parameters could allow an attacker to execute SQL statements with SYS or WMSYS privileges. |
Affected Products | Oracle 10g R1 |
Recommended Actions | Apply the patch from the vendor's website: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2009-0978 |
Reference/s | http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml |