Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.5
CVE Id: CVE-2008-2592
Last Modified: 22 Oct 2012 10:48:40
Published: 15 Jul 2008 07:41:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2008-2592

Summary

Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_DEFER_SYS. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a SQL injection vulnerability in the DELETE_TRAN procedure.

Vulnerable Systems

Application

  • Oracle Advanced Replication Component

  • Oracle Database 10.2.0.4

  • Oracle Database 11.1.0.6

  • Oracle Database 9.0.1.5

  • Oracle Database 9.2.0.8

  • Oracle Database Server 10.1.0.5

  • Oracle Database Server 9.2.0.8


References

VUPEN - ADV-2008-2115

VUPEN - ADV-2008-2109

SECTRACK - 1020499

BUGTRAQ - 20080811 Re: Team SHATTER Security Advisory: SQL Injection in Oracle Database (DBMS_DEFER_SYS.DELETE_TRAN)

BUGTRAQ - 20080804 Team SHATTER Security Advisory: SQL Injection in Oracle Database (DBMS_DEFER_SYS.DELETE_TRAN)

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html

SECUNIA - 31113

SECUNIA - 31087

HP - SSRT061201

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html

HP - HPSBMA02133


Last Updated: 27 May 2016 11:01:03