|
|
|
|
| |
Credit:
The original article can be found at: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2243
The original article can be found at: http://www.securityfocus.com/bid/48764
|
| |
Vulnerable Systems:
* Oracle11g Standard Edition 11.2.0.1.0
* Oracle11g Standard Edition 11.2.0.1 R2
* Oracle11g Standard Edition 11.1.0.7.3
* Oracle11g Enterprise Edition 11.2.0.1.0
* Oracle11g Enterprise Edition 11.2.0.1 R2
* Oracle11g Enterprise Edition 11.1.0.7.3
Oracle Database Server is prone to a remote vulnerability in Core RDBMS.
The vulnerability can be exploited over the 'Oracle NET' protocol. For an exploit to succeed, the attacker must have 'Create session and trigger as SYSDBA' privileges.
Vendor Status:
Oracle as issued an update for this vulnerablity
Patch Availability:
http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
CVE Information:
CVE-2011-2243
Disclosure Timeline:
2011-July-19 Rev 1. Initial Release
2011-July-19 Rev 2. Modified Credit Statement and modified Notes in Oracle Sun Products Risk Matrix.
2011-July-21 Rev 3. Pete Finnigan added to the In-Depth Credit Statement.
2011-July-22 Rev 4. Andy Davis added to the Credit Statement.
2011-August-2 Rev 5. Modified supported versions affected for PeopleSoft Enterprise PeopleTools for CVE-2011-2275, CVE-2011-2280 and CVE-2011-2274.
2011-August-19 Rev 6. Modified supported versions affected for PeopleSoft Enterprise PeopleTools and Oracle VM VirtualBox.
2011-December-15 Rev 7. Updated the CVSS score and note for CVE-2011-1511.
|
|
|
|
|
