VID |
25156 |
Severity |
30 |
Port |
1521, ... |
Protocol |
TCP |
Class |
DB |
Detailed Description |
The Oracle server on the host system allows application accounts or non-administrative user accounts to obtain SYSDBA authority. An attacker can use this vulnerability to access the database with DBA authority.
* Platforms Affected: UNIX (any version), Linux (any version), Microsoft Windows (any version) |
Recommendation |
Revoke SYSDBA from non-administrative users by executing the following command: SQL> REVOKE SYSDBA FROM <account>; |
Related URL |
CVE-2004-2244 (CVE) |
Related URL |
9703,9705 (SecurityFocus) |
Related URL |
15270 (ISS) |