Detections
Analytics

Oracle Database 9i/10g Fine Grained Auditing (FGA) SELECT Statement Logging Weakness

low Nessus Plugin ID 18205

Language:

Synopsis

The remote database server may allow logging to be disabled.

Description

The remote host is running a version of Oracle Database that, according to its version number, suffers from a flaw in which Fine Grained Auditing (FGA) becomes disabled when the user SYS runs a SELECT statement.

Solution

Apply the 10.1.0.4 patch set for Oracle 10g.

See Also

http://www.nessus.org/u?7b7e6e40

https://seclists.org/bugtraq/2005/May/43

Plugin Details

Severity: Low

ID: 18205

File Name: oracle_fga_logging_failure.nasl

Version: 1.18

Type: remote

Family: Databases

Published: 5/9/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:oracle:database_server

Exploit Ease: No known exploits are available

Patch Publication Date: 5/5/2005

Vulnerability Publication Date: 5/2/2005

Reference Information

CVE: CVE-2005-1495

BID: 13510