Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.4
CVE Id CVE-2007-5507
Last Modified 22 Oct 2012 10:36:39
Published 17 Oct 2007 07:17:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5507

Summary

The GIOP service in TNS Listener in the Oracle Net Services component in Oracle Database 9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote attackers to cause a denial of service (crash) or read potentially sensitive memory via a connect GIOP packet with an invalid data size, which triggers a buffer over-read, aka DB22.

Vulnerable Systems

Application

  • Oracle Database Server 10.1.0.5

  • Oracle Database Server 10.2.0.3

  • Oracle Database Server 9.0.1.5

  • Oracle Database Server 9.2.0.8

  • Oracle Database Server 9.2.0.8dv


References

CERT - TA07-290A

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html

VUPEN - ADV-2007-3626

VUPEN - ADV-2007-3524

SECTRACK - 1018823

BUGTRAQ - 20071017 Oracle TNS Listener DoS and/or remote memory inspection

SECUNIA - 27251

HP - SSRT061201

BID - 26103

MISC - http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-tns-listener/

SREASON - 3250

SECUNIA - 27409

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html

HP - HPSBMA02133


Last Updated: 27 May 2016 11:01:12