Summary
This host is running Oracle Database and is prone to buffer overflow and denial-of-service vulnerabilities.
Impact
Successful exploitation allows an attacker to execute arbitrary code. It can also be exploited to cause a denial of service by killing the Oracle server process.
Impact Level: Application
Solution
Apply the patches from the link below:
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
Insight
The flaws are due to an error in the 'MDSYS.MD' package, which is used in the Oracle Spatial component. The package grants EXECUTE permission to PUBLIC, so any Oracle database user can exploit the vulnerability to execute arbitrary code.
Affected
Oracle Database server versions 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4
References
- http://osvdb.org/32911
- http://securitytracker.com/id?1017522
- http://www.appsecinc.com/resources/alerts/oracle/2007-05.shtml
- http://www.securityfocus.com/archive/1/archive/1/474047/100/0/threaded
- http://www.us-cert.gov/cas/techalerts/TA07-017A.html
- http://xforce.iss.net/xforce/xfdb/31541
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2007-0272
- CVSS Base Score: 8.5
- CVSS Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C
Related Vulnerabilities
- MySQL Server Buffer Overflow Vulnerability (Linux)
- Oracle Database Server Multiple Vulnerabilities - July 06
- Oracle Database Server Multiple Unspecified Vulnerabilities - Jan 08
- IBM DB2 SQL/PSM Stored Procedure Debugging Buffer Overflow Vulnerability (Linux)
- IBM DB2 Administration Server (DAS) Buffer Overflow Vulnerability