Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3979


Vulnerability Score 5.5 5.5
CVE Id CVE-2008-3979
Last Modified 22 Oct 2012 10:53:04
Published 13 Jan 2009 08:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE



Unspecified vulnerability in the Oracle Spatial component in Oracle Database and allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability that allows remote authenticated users to gain MDSYS privileges via the MDSYS.SDO_TOPO_DROP_FTBL trigger.

Vulnerable Systems


  • Oracle Database 10g

  • Oracle Database 10g



VUPEN - ADV-2009-0115

SECTRACK - 1021561

BID - 33177

BUGTRAQ - 20090113 Trigger Abuse of MDSYS.SDO_TOPO_DROP_FTBL in Oracle 10g R1 and R2

MILW0RM - 8074

SECUNIA - 33525

OSVDB - 51354


Last Updated: 27 May 2016 11:01:04