Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5513

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-5513
Last Modified 22 Oct 2012 10:36:40
Published 17 Oct 2007 07:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5513

Summary

The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 generates incorrect audit entries in the USERID column in which (1) long usernames are trimmed to 5 characters, or (2) short entries contain any extra characters from usernames in previous entries, aka DB23.

Vulnerable Systems

Application

  • Oracle Database Server 10.1.0.5

  • Oracle Database Server 9.2.0.8

  • Oracle Database Server 9.2.0.8dv


References

CERT - TA07-290A

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html

VUPEN - ADV-2007-3626

VUPEN - ADV-2007-3524

SECTRACK - 1018823

BUGTRAQ - 20071017 Oracle audit issue with XMLDB ftp service

SECUNIA - 27251

HP - SSRT061201

BID - 26107

MISC - http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-oracle-xmldb-ftp-service/

SREASON - 3247

SECUNIA - 27409

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html

HP - HPSBMA02133


Last Updated: 27 May 2016 11:01:12