CVE-2007-3855
CVE-2007-3855
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to have an unknown impact via (1) SYS.DBMS_DRS in the DataGuard component (DB03), (2) SYS.DBMS_STANDARD in the PL/SQL component (DB10), (3) MDSYS.RTREE_IDX in the Spatial component (DB16), and (4) SQL Compiler (DB17). NOTE: a reliable researcher claims that DB17 is for using Views to perform unauthorized insert, update, or delete actions.
Affected products
n/a · n/apublic PoCs found — 2
exploitdbwww.exploit-db.com/exploits/4203unverifiedexploitdbwww.exploit-db.com/exploits/30295unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143http://rawlab.mindcreations.com/codes/exp/oracle/bunkerview.sqlhttp://secunia.com/advisories/26114http://secunia.com/advisories/26166http://securityreason.com/securityalert/2903https://exchange.xforce.ibmcloud.com/vulnerabilities/35490https://exchange.xforce.ibmcloud.com/vulnerabilities/35495http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdfhttp://www.oracle.com/technetwork/topics/security/cpujul2007-087014.htmlhttp://www.red-database-security.com/advisory/oracle_cpu_jul_2007.htmlhttp://www.red-database-security.com/advisory/oracle_view_vulnerability.htmlhttp://www.securityfocus.com/archive/1/473997/100/0/threaded