
Test ID: 1.3.6.1.4.1.25623.1.0.802522
Category: Databases
Title: Oracle Database Server Multiple Components Multiple Vulnerabilities
Summary: This host is running Oracle database and is prone to multiple vulnerabilities.
Description: Summary:
This host is running Oracle database and is prone to multiple
vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- Unspecified errors in the DataGuard, PL/SQL and Spatial components.

- An error in the SQL compiler, which allows a remote attacker with 'Create Session'
privileges on the SQL Compiler component to perform unauthorized inserts,
updates, and deletes in the database using specially crafted views.

Vulnerability Impact:
Successful exploitation allows remote authenticated users to execute
arbitrary SQL commands via unknown vectors.

Affected Software/OS:
Oracle Database server versions 9.0.1.5, 9.2.0.8, 9.2.0.8DV, 10.1.0.5
and 10.2.0.3

Solution:
Apply the patch from the referenced advisory.

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross Reference: BugTraq ID: 24887
Common Vulnerability Exposure (CVE) ID: CVE-2007-3855
Bugtraq: 20070718 Oracle Security: Insert / Update / Delete Data via Views
http://www.securityfocus.com/archive/1/473997/100/0/threaded
Bugtraq: 20070721 Oracle bad Views - Exploit released
http://www.securityfocus.com/archive/1/474326/100/0/threaded
Cert/CC Advisory: TA07-200A
http://www.us-cert.gov/cas/techalerts/TA07-200A.html
HP Security Advisory: HPSBMA02133
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143
HP Security Advisory: SSRT061201
http://rawlab.mindcreations.com/codes/exp/oracle/bunkerview.sql
http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf
http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html
http://www.red-database-security.com/advisory/oracle_view_vulnerability.html
http://www.securitytracker.com/id?1018415
http://secunia.com/advisories/26114
http://secunia.com/advisories/26166
http://securityreason.com/securityalert/2903
http://www.vupen.com/english/advisories/2007/2562
http://www.vupen.com/english/advisories/2007/2635
XForce ISS Database: oracle-cpu-july2007(35490)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35490
XForce ISS Database: oracle-unauth-view-access(35495)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35495
Copyright: Copyright (C) 2011 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.