CVE-2007-2114 - Multiple vulnerabilities in Oracle April 2007 Security Update
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | SINGLE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. NOTE: as of 20070424, Oracle has not disputed reliable claims that these issues are buffer overflows using a long CHANGE_TABLE_NAME parameter to the DBMS_CDC_IPUBLISH.CHGTAB_CACHE procedure (DB08) and Oracle Instant Client genezi utility (DB11).
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Nessus
NASL family | Databases |
NASL id | ORACLE_RDBMS_CPU_APR_2007.NASL |
description | The remote Oracle database server is missing the April 2007 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: - Advanced Queuing - Advanced Replication - Authentication - Core RDBMS - Oracle Agent - Oracle Data Capture (CDC) - Oracle Instant Client - Oracle Streams - Oracle Text - Oracle Workflow Cartridge - Rules Manager, Expressions Filter - Ultra Search - Upgrade/Downgrade |
last seen | 2020-06-02 |
modified | 2011-11-16 |
plugin id | 56056 |
published | 2011-11-16 |
reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/56056 |
title | Oracle Database Multiple Vulnerabilities (April 2007 CPU) |
Saint
bid | 23532 |
description | Oracle Database Advanced Replication component DBMS_SNAP_INTERNAL overflow |
id | database_oracle_version |
osvdb | 39933 |
title | oracle_advrep_snap_internal |
type | remote |
References
- http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf
- http://www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf
- http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html
- http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
- http://www.securityfocus.com/archive/1/466329/100/200/threaded
- http://www.securityfocus.com/bid/23532
- http://www.securitytracker.com/id?1017927
- http://www.us-cert.gov/cas/techalerts/TA07-108A.html
- http://www.vupen.com/english/advisories/2007/1426