Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.802523 |
Categoría: | Databases |
Título: | Oracle Database Server MDSYS.MD Buffer Overflows and Denial of Service Vulnerabilities |
Resumen: | This host is running Oracle database and is prone to a Buffer; Overflow and Denial of Service vulnerabilities. |
Descripción: | Summary: This host is running Oracle database and is prone to a Buffer Overflow and Denial of Service vulnerabilities. Vulnerability Insight: The flaws are due to an error in 'MDSYS.MD' package that is used in the Oracle spatial component. The package has EXECUTE permissions set to PUBLIC, so any Oracle database user can exploit the vulnerability to execute arbitrary code. Vulnerability Impact: Successful exploitation allows an attacker to execute arbitrary code. It can also be exploited to cause a Denial of Service by crashing the Oracle server process. Affected Software/OS: Oracle Database server versions 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4. Solution: Apply the patch from the referenced advisory. CVSS Score: 8.5 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C |
Referencia Cruzada: |
BugTraq ID: 22083 Common Vulnerability Exposure (CVE) ID: CVE-2007-0272 http://www.securityfocus.com/bid/22083 Bugtraq: 20070124 Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD (Google Search) http://www.securityfocus.com/archive/1/458038/100/0/threaded Bugtraq: 20070718 Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD (DB12) (Google Search) http://www.securityfocus.com/archive/1/474047/100/0/threaded Cert/CC Advisory: TA07-017A http://www.us-cert.gov/cas/techalerts/TA07-017A.html http://www.appsecinc.com/resources/alerts/oracle/2007-05.shtml http://osvdb.org/32911 http://securitytracker.com/id?1017522 http://secunia.com/advisories/23794 XForce ISS Database: oracle-cpu-jan2007(31541) https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 |
Copyright | Copyright (c) 2011 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |