Vulnerability Description
Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Database Server | 8.0.1 |
| Oracle | Oracle8I | 8.1.5 |
| Oracle | Oracle9I | 9.0 |
References
- http://marc.info/?l=bugtraq&m=101301332402079&w=2
- http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdfPatchVendor Advisory
- http://www.cert.org/advisories/CA-2002-08.htmlPatchThird Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/180147US Government Resource
- http://www.securityfocus.com/bid/4033PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8089
- http://marc.info/?l=bugtraq&m=101301332402079&w=2
- http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdfPatchVendor Advisory
- http://www.cert.org/advisories/CA-2002-08.htmlPatchThird Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/180147US Government Resource
- http://www.securityfocus.com/bid/4033PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/8089
FAQ
What is CVE-2002-0567?
CVE-2002-0567 is a vulnerability with a CVSS score of 7.5 (HIGH). Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to...
How severe is CVE-2002-0567?
CVE-2002-0567 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0567?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Database Server, Oracle Oracle8I, Oracle Oracle9I.