CVE-2007-3855 - Unspecified vulnerability in Oracle Database Server
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allow remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Exploit-Db
description | Oracle 9i/10g evil views Change Passwords Exploit (CVE-2007-3855). CVE-2007-3855. Local exploits for multiple platform |
id | EDB-ID:4203 |
last seen | 2016-01-31 |
modified | 2007-07-19 |
published | 2007-07-19 |
reporter | bunker |
source | https://www.exploit-db.com/download/4203/ |
title | Oracle 9i/10g Evil Views - Change Passwords Exploit |

description | Oracle Database SQL Compiler Views Unauthorized Manipulation. CVE-2007-3855. Local exploits for multiple platform |
id | EDB-ID:30295 |
last seen | 2016-02-03 |
modified | 2007-07-12 |
published | 2007-07-12 |
reporter | bunker |
source | https://www.exploit-db.com/download/30295/ |
title | Oracle Database SQL Compiler Views Unauthorized Manipulation |
Nessus
NASL family | Databases |
NASL id | ORACLE_RDBMS_CPU_JUL_2007.NASL |
description | The remote Oracle database server is missing the July 2007 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: Advanced Queuing, DataGuard, JavaVM, Oracle Data Mining, Oracle Text, PL/SQL, Rules Manager, Spatial, SQL Compiler |
last seen | 2020-06-02 |
modified | 2011-11-16 |
plugin id | 56057 |
published | 2011-11-16 |
reporter | This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/56057 |
title | Oracle Database Multiple Vulnerabilities (July 2007 CPU) |
Packetstorm
data source | https://packetstormsecurity.com/files/download/57886/bunkerview.txt |
id | PACKETSTORM:57886 |
last seen | 2016-12-05 |
published | 2007-07-20 |
reporter | Andrea Purificato |
source | https://packetstormsecurity.com/files/57886/bunkerview.txt.html |
title | bunkerview.txt |
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:83727 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-83727 |
title | Oracle Database SQL Compiler Views Unauthorized Manipulation |

bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:7065 |
last seen | 2017-11-19 |
modified | 2007-07-20 |
published | 2007-07-20 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-7065 |
title | Oracle 9i/10g evil views Change Passwords Exploit (CVE-2007-3855) |

bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:64812 |
last seen | 2017-11-19 |
modified | 2014-07-01 |
published | 2014-07-01 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-64812 |
title | Oracle 9i/10g Evil Views - Change Passwords Exploit |
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143
- http://rawlab.mindcreations.com/codes/exp/oracle/bunkerview.sql
- http://secunia.com/advisories/26114
- http://secunia.com/advisories/26166
- http://securityreason.com/securityalert/2903
- http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf
- http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html
- http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html
- http://www.red-database-security.com/advisory/oracle_view_vulnerability.html
- http://www.securityfocus.com/archive/1/473997/100/0/threaded
- http://www.securityfocus.com/archive/1/474326/100/0/threaded
- http://www.securitytracker.com/id?1018415
- http://www.us-cert.gov/cas/techalerts/TA07-200A.html
- http://www.vupen.com/english/advisories/2007/2562
- http://www.vupen.com/english/advisories/2007/2635
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35490
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35495