← Back

CVE-2004-1338

nvd nist
Published: Dec 23, 2004Modified: Apr 16, 2026

JSON object

Loading...
6.5
Vector
AV:N/AC:L/Au:S/C:P/I:P/A:P
Exploitability: 8.0 / Impact: 6.4
Source: NVD

Description

The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions.

Affected (14)

Oracle
2 products
Database Server
Oracle9i
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Database Server
Version 10.2.1 r2
Oracle
Oracle9i
Version 9.0.1.2
Oracle9i
Version 9.0.1.3
Oracle9i
Version 9.0.1.4
Oracle9i
Version 9.0.1
Oracle9i
Version 9.0.2.0.0
Oracle9i
Version 9.0.2.0.1
Oracle9i
Version 9.0.2.1
Oracle9i
Version 9.0.2.2
Oracle9i
Version 9.0.2.3
Oracle9i
Version 9.0.2
Oracle9i
Version 9.0
Oracle9i
Version 9.2.0.1
Oracle9i
Version 9.2.0.2

Related CWEs

CWE-264
CWE-264

References (6)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.