Vulnerability CVE-2005-3641


Published: 2005-11-16   Modified: 2012-02-12

Description:
Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username.

Vendor: Oracle
Product: Oracle9i 
Version:
standard_9.2.3
standard_9.2.0.6
standard_9.2.0.5
standard_9.2.0.3
standard_9.2.0.2
standard_9.2.0.1
standard_9.2
standard_9.0.4
standard_9.0.2.4
standard_9.0.2
standard_9.0.1.5_fips
standard_9.0.1.5
standard_9.0.1.4
standard_9.0.1.3
standard_9.0.1.2
standard_9.0.1
standard_9.0
standard_8.1.7
personal_9.2.0.6
personal_9.2.0.5
personal_9.2.0.3
personal_9.2.0.2
personal_9.2.0.1
personal_9.2
personal_9.0.4
personal_9.0.2.4
personal_9.0.1.5_fips
personal_9.0.1.5
personal_9.0.1.4
personal_9.0.1
personal_8.1.7
enterprise_9.2.0.6
enterprise_9.2.0.5
enterprise_9.2.0.3
enterprise_9.2.0.2
enterprise_9.2.0.1
enterprise_9.2.0
enterprise_9.0.4
enterprise_9.0.2.4
enterprise_9.0.1.5_fips
enterprise_9.0.1.5
enterprise_9.0.1.4
enterprise_9.0.1
enterprise_8.1.7
See more versions on NVD
Product: Oracle10g 
Version:
standard_9.0.4.0
standard_10.1.0.4.2
standard_10.1.0.4
standard_10.1.0.3.1
standard_10.1.0.3
standard_10.1.0.2
personal_9.0.4.0
personal_10.1.0.4
personal_10.1.0.3.1
personal_10.1.0.3
personal_10.1.0.2
enterprise_9.0.4.0
enterprise_10.1.0.4
enterprise_10.1.0.3.1
enterprise_10.1.0.3
enterprise_10.1.0.2
See more versions on NVD
Product: Oracle8i 
Version:
standard_8.1.7.4
standard_8.1.7.1
standard_8.1.7.0.0
standard_8.1.7
standard_8.1.6
standard_8.1.5
standard_8.0.6.3
standard_8.0.6
enterprise_8.1.7.4
enterprise_8.1.7.1.0
enterprise_8.1.7.0.0
enterprise_8.1.6.1.0
enterprise_8.1.6.0.0
enterprise_8.1.5.1.0
enterprise_8.1.5.0.2
enterprise_8.1.5.0.0
enterprise_8.0.6.0.1
enterprise_8.0.6.0.0
enterprise_8.0.5.0.0
See more versions on NVD
Product: Database server 
Version:
8.1.7.4
8.1.7
8.1.6
8.1.5
8.0.6.3
8.0.6
8.0.5.1
8.0.5
8.0.4
8.0.3
8.0.2
8.0.1
7.3.4
7.3.3
7.1.5
7.1.3
7.0.64
7.0.2
See more versions on NVD
Product: Database server lite 
Version:
5.0.2.9.0
5.0.2.0.0
5.0.1.0.0
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.securityfocus.com/bid/15450
http://www.ngssoftware.com/papers/database-on-xp.pdf

Related CVE
CVE-2019-2726
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Services Integration). The supported version that is affected is 12.3.3. Difficult to exploit vulnerability allows low privileged ...
CVE-2019-2725
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with ...
CVE-2019-2723
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon...
CVE-2019-2722
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon...
CVE-2019-2721
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon...
CVE-2019-2720
Vulnerability in the Oracle Data Integrator component of Oracle Fusion Middleware (subcomponent: ODI Tools). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows low privileged attacker with ne...
CVE-2019-2719
Vulnerability in the Oracle Knowledge component of Oracle Siebel CRM (subcomponent: Web Applications (InfoCenter)). Supported versions that are affected are 8.5.1.0 - 8.5.1.7, 8.6.0 and 8.6.1. Easily exploitable vulnerability allows unauthenticated a...
CVE-2019-2713
Vulnerability in the Oracle Commerce Merchandising component of Oracle Commerce (subcomponent: Asset Manager). The supported version that is affected is 11.2.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access vi...

Copyright 2019, cxsecurity.com

 

Back to Top