The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.Referenceshttp://www.red-database-security.com/exploits/oracle_exploit_dbms_scheduler_select_user.htmlhttp://marc.info/?l=bugtraq&m=111531740305049&w=2http://www.securityfocus.com/bid/13509https://exchange.xforce.ibmcloud.com/vulnerabilities/20410
