Chris Taschner

**Name of the Vulnerable Software and Affected Versions** Oracle Database versions 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 **Description** The issue is related to an unspecified vulnerability in the Core RDBMS component. It allows remote attackers to have an unknown impact. The problem occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided, even though all users are authenticated as Guest. This allows remote attackers to gain privileges. **Recommendations** For Oracle Database version 9.0.1.5, update to a version that fixes this issue. For Oracle Database version 9.2.0.8, update to a version that fixes this issue. For Oracle Database version 10.1.0.5, update to a version that fixes this issue. For Oracle Database version 10.2.0.2, update to a version that fixes this issue.