Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5504

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2007-5504
Last Modified 22 Oct 2012 10:36:38
Published 17 Oct 2007 07:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2007-5504

Summary

Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and 10.1.0.5 unknown impact and remote attack vectors, related to (1) Import (DB01) and (2) Advanced Queuing (DB25). NOTE: as of 20071108, Oracle has not disputed reliable researcher claims that DB25 is for a buffer overflow in the DBLINK_INFO procedure in the DBMS_AQADM_SYS package.

Vulnerable Systems

Application

  • Oracle Database Server 10.1.0.5

  • Oracle Database Server 9.0.1.5


References

CERT - TA07-290A

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html

VUPEN - ADV-2007-3626

VUPEN - ADV-2007-3524

SECTRACK - 1018823

BID - 26235

BUGTRAQ - 20071029 Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in procedure DBMS_AQADM_SYS.DBLINK_INFO

MISC - http://www.appsecinc.com/resources/alerts/oracle/2007-08.shtml

SECUNIA - 27409

SECUNIA - 27251

HP - HPSBMA02133

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html

HP - SSRT061201


Last Updated: 27 May 2016 11:01:12