Summary
This host is running Oracle Database and is prone to multiple vulnerabilities.
Impact
Successful exploitation allows remote authenticated users to execute arbitrary SQL commands via unknown vectors.
Impact Level: Application
Solution
Apply the patches from the link below:
http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html
Insight
The flaws are due to:
- Unspecified errors in the DataGuard, PL/SQL and Spatial components.
- An error in the SQL compiler that allows a remote attacker with 'Create Session' privileges on the SQL Compiler component to perform unauthorized inserts, updates, and deletes in the database using specially-crafted views.
Affected
Oracle Database server versions 9.0.1.5, 9.2.0.8, 9.2.0.8DV, 10.1.0.5 and 10.2.0.3
References
- http://secunia.com/advisories/26114
- http://www.red-database-security.com/advisory/oracle_view_vulnerability.html
- http://www.securityfocus.com/archive/1/archive/1/474326/100/0/threaded
- http://www.securitytracker.com/id?1018415
- http://www.us-cert.gov/cas/techalerts/TA07-200A.html
- http://xforce.iss.net/xforce/xfdb/35495
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2007-3855
- CVSS Base Score: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P