CVE-2004-1338

Name: CVE-2004-1338
Creator: NVD / NIST
Published: 2004-12-23T05:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.19%

Last modified Jun 16, 2026

CVE-2004-1338 is a vulnerability of currently unknown severity. The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions.. EPSS estimates a 1.19% chance of exploitation in the next 30 days.

Description

The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions.

Metrics

EPSS Probability

1.19%

64.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions	Update
Oracle	Database Server	10.2.1	R2
Oracle	Oracle9i	9.0	—
Oracle	Oracle9i	9.0.1	—
Oracle	Oracle9i	9.0.1.2	—
Oracle	Oracle9i	9.0.1.3	—
Oracle	Oracle9i	9.0.1.4	—
Oracle	Oracle9i	9.0.2	—
Oracle	Oracle9i	9.0.2.0.0	—
Oracle	Oracle9i	9.0.2.0.1	—
Oracle	Oracle9i	9.0.2.1	—
Oracle	Oracle9i	9.0.2.2	—
Oracle	Oracle9i	9.0.2.3	—
Oracle	Oracle9i	9.2.0.1	—
Oracle	Oracle9i	9.2.0.2	—

References

http://marc.info/?l=bugtraq&m=110382230614420&w=2Third Party Advisory
http://www.ngssoftware.com/advisories/oracle23122004I.txtPatch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18655
http://marc.info/?l=bugtraq&m=110382230614420&w=2Third Party Advisory
http://www.ngssoftware.com/advisories/oracle23122004I.txtPatch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18655

Timeline

Published: Dec 23, 2004
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2004-1338?

How severe is CVE-2004-1338?

Severity scoring for CVE-2004-1338 is pending analysis. The EPSS model estimates a 1.19% probability of exploitation in the next 30 days.

How do I fix CVE-2004-1338?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2004-1338?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST