Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 8.5
CVE Id CVE-2007-5897
Last Modified 22 Oct 2012 10:37:35
Published 08 Nov 2007 04:46:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2007-5897

Summary

Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, 9iR2 up to 9.2.0.6, and 10gR1 up to 10.1.0.4 allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via the TRANSFORM function. NOTE: this issue might already be covered by CVE-2007-5515, CVE-2007-5509, or CVE-2007-5505, but there are insufficient details to be sure.

Vulnerable Systems

Application

  • Oracle Database Server

  • Oracle Database Server 10.1.0.2

  • Oracle Database Server 10.1.0.3

  • Oracle Database Server 10.1.0.4

  • Oracle Database Server 9.2.0.1

  • Oracle Database Server 9.2.0.2

  • Oracle Database Server 9.2.0.3

  • Oracle Database Server 9.2.0.4

  • Oracle Database Server 9.2.0.5

  • Oracle Database Server 9.2.0.6


References

BUGTRAQ - 20071029 Team SHATTER Alert: Oracle Database Buffer overflow vulnerability in function MDSYS.SDO_CS.TRANSFORM

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html

OSVDB - 40081

BID - 26243

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2007-092913.html


Last Updated: 27 May 2016 11:01:12