Home Corporate Website Jobs Updated Mailing Lists RSS Blog  Online Shop Advertise
	Software Inspectors   Scan Online   Personal (PSI)   Network (NSI 2.0) Solutions For   Security Professionals   Security Vendors Free Solutions For   Open Communities   Journalists & Media Secunia Advisories   Search   Historic Advisories   Listed By Product   Listed By Vendor   Statistics / Graphs   Secunia Research   Report Vulnerability   About Advisories Virus Information   Chronological List   Last 10 Virus Alerts   About Virus Information Secunia Customers   Customer Area CVE Reference: CVE-2007-2108 NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. Original Page at CVE MITRE: CVE-2007-2108 Description: Unspecified vulnerability in the Core RDBMS component Oracle Database 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.2 on Windows allows remote attackers to have an unknown impact, aka DB01. NOTE: as of 20070424, Oracle has not disputed reliable claims that this issue occurs because the NTLM SSPI AcceptSecurityContext function grants privileges based on the username provided even though all users are authenticated as Guest, which allows remote attackers to gain privileges. CVE Status: Candidate References: ST   1017927 MISC   http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html   http://www.ngssoftware.com/papers/database-on-xp.pdf   http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf   http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf HP   http://www.securityfocus.com/archive/1/archive/1/466329/100/200/threaded CONFIRM   http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html CERT-VN   809457 CERT   http://www.us-cert.gov/cas/techalerts/TA07-108A.html BID   23532 Return to the previous page. Secunia PSI Scan | Patch | Track Free Download Secunia Poll Do you think it's important to read Setup/User Guides for applications for use within your network? Yes, I do it all the time Yes, but I do it rarely No See Results    Most Popular Advisories 1. Sun Solaris Kernel Covert Channel Security Bypass 2. HP TCP/IP Services for OpenVMS Finger Format String Vulnerability 3. dotProject SQL Injection and Cross-Site Scripting 4. Novell eDirectory Multiple Vulnerabilities 5. PluggedOut Blog "index.php" SQL Injection Vulnerabilities 6. Slackware update for amarok 7. phpBB "gen_rand_strin g()" Predictable RNG Weakness 8. Adium MSN SLP Message Integer Overflow Vulnerabilities 9. Blogn Cross-Site Scripting and Cross-Site Request Forgery 10. Acoustica Mixcraft ".mx4" File Processing Buffer Overflow
Vulnerability Management - Terms & Conditions - Copyright 2002-2008 Secunia - Compliance - Contact Secunia