CVE-2002-0567: Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by…

[HIGH] CWE-420 Unprotected Alternate Channel CWE-420: Unprotected Alternate Channel The product protects a primary channel, but it does not use the same level of protection for an alternate channel. Modes of Introduction: Phase: Architecture and Design Note: OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase. Phase: Implementation Phase: Operation Common Consequences: Scope: Access Control. Impact: Gain Privileges or Assume Identity, Bypass Protection Mechanism. Potential Mitigations: [Architecture and Design] Identify all alternate channels and use the same protection mechanisms that are used for the primary channels. Examples: Register SECURE_ME is located at address 0xF00. A mirror of this register called COPY_OF_SECURE_ME is at location 0x800F00. The register SECURE_ME is