CVE-2008-2607

Current Description

Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_AQELM. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a buffer overflow that allows attackers to cause a denial of service (database corruption) and possibly execute arbitrary code via a long argument to an unspecified procedure.

Basic Data

PublishedJuly 15, 2008
Last ModifiedOctober 23, 2012
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-noinfo
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score6.5
SeverityMEDIUM
Exploitability Score8.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationOracleAdvanced Queuing Component********
    2.3ApplicationOracleDatabase 9i9.2.0.8*******
    2.3ApplicationOracleDatabase 9i9.2.0.8dv******
    2.3ApplicationOracleDatabase Server10.1.0.5*******
    2.3ApplicationOracleDatabase Server10.2.0.4*******
    2.3ApplicationOracleDatabase Server11.1.0.6*******

Vulnerable Software List

VendorProductVersions
Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.6
Oracle Advanced Queuing Component *
Oracle Database 9i 9.2.0.8

References

NameSourceURLTags
SSRT061201http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143HP
20080715 Oracle Database DBMS_AQELM Package Buffer Overflow Vulnerabilityhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=726IDEFENSE
31087http://secunia.com/advisories/31087SECUNIAVendor Advisory
31113http://secunia.com/advisories/31113SECUNIAVendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2008-090335.htmlCONFIRM
1020499http://www.securitytracker.com/id?1020499SECTRACK
ADV-2008-2109http://www.vupen.com/english/advisories/2008/2109/referencesVUPENVendor Advisory
ADV-2008-2115http://www.vupen.com/english/advisories/2008/2115VUPENVendor Advisory