Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.5
CVE Id CVE-2009-0977
Last Modified 22 Oct 2012 11:04:23
Published 15 Apr 2009 06:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2009-0977

Summary

Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the GRANT_TYPE_ACCESS procedure in the DBMS_AQADM_SYS package.

Vulnerable Systems

Application

  • Oracle Database 10g 10.1.0.5

  • Oracle Database 10g 10.2.0.3

  • Oracle Database 9i 9.2.0.8

  • Oracle Database 9i 9.2.0.8dv


References

CERT - TA09-105A

CONFIRM - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html

SECTRACK - 1022052

BID - 34461

BUGTRAQ - 20090416 SQL Injection in package DBMS_AQADM_SYS

MISC - http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html

SECUNIA - 34693

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html


Last Updated: 27 May 2016 10:51:42