Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-5440
Last Modified 22 Oct 2012 10:56:45
Published 13 Jan 2009 08:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5440

Summary

Unspecified vulnerability in the TimesTen Data Server component in Oracle Database 7.0.5.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this is a format string vulnerability via the msg parameter in the evtdump CGI module.

Vulnerable Systems

Application

  • Oracle Timesten In-memory Database 7.0.5.0.0


References

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

MISC - http://www.zerodayinitiative.com/advisories/ZDI-09-004/

MISC - http://www.zerodayinitiative.com/advisories/ZDI-09-004

VUPEN - ADV-2009-0115

BID - 33177

BUGTRAQ - 20090114 Oracle TimesTen Remote Format String

BUGTRAQ - 20090114 ZDI-09-004: Oracle TimesTen evtdump Remote Format String Vulnerability

SECUNIA - 33525

MISC - http://joxeankoret.com/blog/?p=41

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html


Last Updated: 27 May 2016 11:01:06