CVE-2008-3982

Oracle Database <11.1.0.6 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3982. PoCs published by CG, including Metasploit module auxiliary/sqli/oracle/lt_compressworkspace.

AI-analyzed exploit summary This Metasploit module exploits a SQL injection vulnerability in Oracle's SYS.LT.COMPRESSWORKSPACE procedure, allowing arbitrary SQL execution via a crafted function and package calls. It leverages the CREATEWORKSPACE and COMPRESSWORKSPACETREE functions to trigger the injection.

Description

Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3983 and CVE-2008-3984.

Exploits (1)

metasploit WORKING POC

by CG · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/sqli/oracle/lt_compressworkspace.rb

View Code ZIP pw:eip

This Metasploit module exploits a SQL injection vulnerability in Oracle's SYS.LT.COMPRESSWORKSPACE procedure, allowing arbitrary SQL execution via a crafted function and package calls. It leverages the CREATEWORKSPACE and COMPRESSWORKSPACETREE functions to trigger the injection.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Oracle Database (versions affected by CVE-2008-3982)

Auth required

Prerequisites: Execute privilege on SYS.LT package · Valid database credentials

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html

Permissions Required third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32291

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1021050

Not Applicable vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/2825

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/45885

Scores

EPSS 0.1174

EPSS Percentile 95.5%

Details

Status published

Products (5)

oracle/database_10g 10.1.0.5

oracle/database_10g 10.2.0.3

oracle/database_11i 11.1.0.6

oracle/database_9i 9.2.0.8

oracle/database_9i 9.2.0.8dv

Published Oct 14, 2008

Tracked Since Feb 18, 2026