CVE-2002-0567 — Oracle Database Server vulnerability

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

1.8%

top 17.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Database Server Oracle Oracle8i Oracle Oracle9i

Timeline

PublishedJul 3

Latest updateApr 30

Description

Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶NVDoracle/oracle8i14 versions+13

▶NVDoracle/oracle9i9.0, 9.0.1+1

▶NVDoracle/database_server11 versions+10

Patches

Patch: otn.oracle.com ↗Patch: www.cert.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-gjj5-7q9j-r452: Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary function↗2022-04-30

▶

CVEList

CVE-2002-0567: Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary function↗2003-04-02

▶

💬Community

Bugzilla

CVE-2002-2214 php imap To header buffer overflow↗2006-06-15

▶