CVE-2008-6065

NONECVSS 0.0

0.0

Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE permissions for arbitrary pathnames that are aliased in a CREATE OR REPLACE DIRECTORY statement, which allows remote authenticated users with CREATE ANY DIRECTORY privileges to gain SYSDBA privileges by aliasing the pathname of the password directory, and then overwriting the password file through UTL_FILE operations, a related issue to CVE-2006-7141.

🔗 References (10)

cve@mitrehttp://www.oracleforensics.com/wordpress/index.php/2008/10/10/create-any-directory-to-sysdba/
cve@mitrehttp://www.oracleforensics.com/wordpress/wp-content/uploads/2008/10/create-any-directory-to-sysdba.pdf
cve@mitrehttp://www.securityfocus.com/archive/1/497286/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/31738
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/48814
af854a3a-2127-422b-91ae-364da2661108http://www.oracleforensics.com/wordpress/index.php/2008/10/10/create-any-directory-to-sysdba/
af854a3a-2127-422b-91ae-364da2661108http://www.oracleforensics.com/wordpress/wp-content/uploads/2008/10/create-any-directory-to-sysdba.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/497286/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31738
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/48814

Is Your Infrastructure Affected by CVE-2008-6065?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-6065

📅 Published

🔄 Last Modified

🔗 References (10)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-6065?