Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6260

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-6260
Last Modified 15 Nov 2008 02:04:00
Published 05 Dec 2007 09:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6260

Summary

The installation process for Oracle 10g and llg uses accounts with default passwords, which allows remote attackers to obtain login access by connecting to the Listener. NOTE: at the end of the installation, if performed using the Database Configuration Assistant (DBCA), most accounts are disabled or their passwords are changed.

Vulnerable Systems

Application

  • Oracle Database Server


References

BID - 26425

BUGTRAQ - 20071113 Oracle 11g/10g Installation Vulnerability

CONFIRM - http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database_20071108.pdf

MISC - http://www.davidlitchfield.com/blog/archives/00000030.htm

OSVDB - 43673

SREASON - 3419


Last Updated: 27 May 2016 10:46:26