Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Database)  >   Oracle Database Vendors:   Oracle
Oracle Database ‘INDEXTYPE CTXSYS.CONTEXT’ Bug Lets Remote Authenticated Users Gain Elevated Privileges
SecurityTracker Alert ID:  1027367
SecurityTracker URL:
CVE Reference:   CVE-2012-3132   (Links to External Site)
Updated:  Oct 17 2012
Original Entry Date:  Aug 12 2012
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Description:   A vulnerability was reported in Oracle Database. A remote authenticated user can gain elevated privileges on the target system.

A remote authenticated user with 'Create Table' privileges can send specially crafted data to gain 'SYS' privileges.

Versions and are not affected on systems that have the July 2012 Critical Patch Update.

Oracle Fusion Middleware, Oracle Enterprise Manager, Oracle E-Business Suite include the affected Oracle Database Server component and may be vulnerable.

This vulnerability was reported at Black Hat USA 2012 Briefings.

Impact:   A remote authenticated user with 'Create Table' privileges can gain 'SYS' privileges on the target system.
Solution:   The vendor has issued a fix.

The fix is also included in the October 2012 Oracle Critical Patch Update Advisory.

The vendor's advisories are available at:

Vendor URL: (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000), Windows (2003), Windows (2008), Windows (Vista), Windows (XP)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC