Oracle Database Server Multiple Components Multiple Vulnerabilities Network Vulnerability

Summary

This host is running Oracle database and is prone to multiple vulnerabilities.

Impact

Successful exploitation allows remote authenticated users to execute arbitrary SQL commands via unknown vectors. Impact Level: Application

Solution

Apply patches from below link, http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html

Insight

Flaw is due to, - An unspecified errors in DataGuard, PL/SQL and Spatial components. - An error in SQL compiler, allows a remote attacker with 'Create Session' privileges on the SQL Compiler component to perform unauthorized inserts, updates, and deletes in the database using specially-crafted views.

Affected

Oracle Database server versions 9.0.1.5, 9.2.0.8, 9.2.0.8DV, 10.1.0.5 and 10.2.0.3

References

http://secunia.com/advisories/26114
http://www.red-database-security.com/advisory/oracle_view_vulnerability.html
http://www.securityfocus.com/archive/1/archive/1/474326/100/0/threaded
http://www.securitytracker.com/id?1018415
http://www.us-cert.gov/cas/techalerts/TA07-200A.html
http://xforce.iss.net/xforce/xfdb/35495

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-3855
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Oracle MySQL Multiple Unspecified vulnerabilities - 02 May14 (Windows)
Oracle MySQL Server Component 'Optimizer' Unspecified vulnerability Oct-2013 (Windows)
IBM DB2 Multiple Denial of Service Vulnerabilities
MySQL MyISAM Table Privileges Secuity Bypass Vulnerability
IBM DB2 SYSIBMADM Multiple Vulnerabilities (Sep10)

Take action and discover your vulnerabilities