CVE-2007-0268 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-0268
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-0268

Description: Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unknown impact and attack vectors related to (1) the Advanced Queuing component and sys.dbms_aqsys.dbms_aq privileges (DB01), (2) Advanced Replication and sys.dbms_repcat_untrusted (DB07), and (3) Oracle Text and ctxload (DB15). NOTE: Oracle has not publicly claims by reliable researchers that DB01 is for SQL injection in the SYS.DBMS_AQ_INV package, and DB07 is for a buffer overflow in the UNREGISTER_SNAPSHOT procedure in the DBMS_REPCAT_UNTRUSTED package.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/31541 ST 1017522 SAID Secunia Advisory: SA23794 OSVDB 32913 32907 32921 MISC http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aq_inv.html CONFIRM http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html CERT-VN 221788 CERT http://www.us-cert.gov/cas/techalerts/TA07-017A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/458005/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/458475/100/100/threaded BID 22083

Return to the previous page.