Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.802523
Categoría:Databases
Título:Oracle Database Server MDSYS.MD Buffer Overflows and Denial of Service Vulnerabilities
Resumen:This host is running Oracle database and is prone to a Buffer; Overflow and Denial of Service vulnerabilities.
Descripción:Summary:
This host is running Oracle database and is prone to a Buffer
Overflow and Denial of Service vulnerabilities.

Vulnerability Insight:
The flaws are due to an error in 'MDSYS.MD' package that is used in the
Oracle spatial component. The package has EXECUTE permissions set to PUBLIC, so
any Oracle database user can exploit the vulnerability to execute arbitrary code.

Vulnerability Impact:
Successful exploitation allows an attacker to execute arbitrary code. It
can also be exploited to cause a Denial of Service by crashing the Oracle server process.

Affected Software/OS:
Oracle Database server versions 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4.

Solution:
Apply the patch from the referenced advisory.

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:C/A:C

Referencia Cruzada: BugTraq ID: 22083
Common Vulnerability Exposure (CVE) ID: CVE-2007-0272
http://www.securityfocus.com/bid/22083
Bugtraq: 20070124 Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD (Google Search)
http://www.securityfocus.com/archive/1/458038/100/0/threaded
Bugtraq: 20070718 Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD (DB12) (Google Search)
http://www.securityfocus.com/archive/1/474047/100/0/threaded
Cert/CC Advisory: TA07-017A
http://www.us-cert.gov/cas/techalerts/TA07-017A.html
http://www.appsecinc.com/resources/alerts/oracle/2007-05.shtml
http://osvdb.org/32911
http://securitytracker.com/id?1017522
http://secunia.com/advisories/23794
XForce ISS Database: oracle-cpu-jan2007(31541)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31541
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.