Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.5
CVE Id: CVE-2008-3979
Last Modified: 22 Oct 2012 10:53:04
Published: 13 Jan 2009 08:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2008-3979

Summary

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability that allows remote authenticated users to gain MDSYS privileges via the MDSYS.SDO_TOPO_DROP_FTBL trigger.

Vulnerable Systems

Application

  • Oracle Database 10g 10.1.0.5

  • Oracle Database 10g 10.2.0.2


References

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

VUPEN - ADV-2009-0115

SECTRACK - 1021561

BID - 33177

BUGTRAQ - 20090113 Trigger Abuse of MDSYS.SDO_TOPO_DROP_FTBL in Oracle 10g R1 and R2

MILW0RM - 8074

SECUNIA - 33525

OSVDB - 51354

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html


Last Updated: 27 May 2016 11:01:04