CVE Reference: CVE-2007-3854
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2007-3854

Description:
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/35490
  http://xforce.iss.net/xforce/xfdb/35497

ST
  1018415

SAID
  Secunia Advisory: SA26114
  Secunia Advisory: SA26166

MISC
  http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html
  http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf
  http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_prvtaqis.html

HP
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143

CONFIRM
  http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html

CERT
  http://www.us-cert.gov/cas/techalerts/TA07-200A.html

