• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Oracle SQL*Plus Unauthorized Shell Command Execution Vulnerability

Bugtraq ID:	3900
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	Jan 17 2002 12:00AM
Updated:	Jan 17 2002 12:00AM
Credit:	This issue was discovered by Jonathan A. Zdziarski <jonathan@cafejesus.com>.
Vulnerable:	Oracle Oracle9i Standard Edition 9.0.1 Oracle Oracle9i Standard Edition 9.0 Oracle Oracle8i Standard Edition 8.1.7 .1 Oracle Oracle8i Standard Edition 8.1.7 Oracle Oracle8i Standard Edition 8.1.6 Oracle Oracle8i Standard Edition 8.1.5 Oracle Oracle8 8.0.6 Oracle Oracle8 8.0.5 - SGI IRIX 6.5.4 Oracle Oracle8 8.0.4 Oracle Oracle8 8.0.2 Oracle Oracle8 8.0.1 - HP HP-UX 11.0 - Microsoft Windows NT 4.0 - Sun Solaris 8
Not Vulnerable: