Lucene search

[email protected]CVE-2007-2110

HistoryApr 18, 2007 - 6:19 p.m.

CVE-2007-2110

2007-04-1818:19:00

[email protected]

web.nvd.nist.gov

oracle

database

vulnerability

cve-2007-2110

windows

rdbms

security

attack vector

injection

arbitrary code

6.9 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON

Unspecified vulnerability in the Core RDBMS component for Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.4 on Windows systems has unknown impact and attack vectors, aka DB03. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB03 occurs because RDBMS uses a NULL Discretionary Access Control List (DACL) for the Oracle process and certain shared memory sections, which allows local users to inject threads and execute arbitrary code via the OpenProcess, OpenThread, and SetThreadContext functions (DB03).

Affected configurations

NVD

Node

oracledatabase_serverMatch9.0.1.5

oracledatabase_serverMatch9.2.0.7

oracledatabase_serverMatch10.1.0.4

AND

microsoftwindows

CPENameOperatorVersion
oracle:database_serveroracle database servereq9.0.1.5
oracle:database_serveroracle database servereq9.2.0.7
oracle:database_serveroracle database servereq10.1.0.4

CPE	Name	Operator	Version
oracle:database_server	oracle database server	eq	9.0.1.5
oracle:database_server	oracle database server	eq	9.2.0.7
oracle:database_server	oracle database server	eq	10.1.0.4

References

www.freelists.org/archives/oracle-l/12-2006/msg00004.html

www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_April_2007_Analysis.pdf

www.ngssoftware.com/research/papers/NGSSoftware-OracleCPUAPR2007.pdf

www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html

www.red-database-security.com/advisory/oracle_cpu_apr_2007.html

www.securityfocus.com/archive/1/466329/100/200/threaded

www.securityfocus.com/bid/23532

www.securitytracker.com/id?1017927

www.us-cert.gov/cas/techalerts/TA07-108A.html

www.vupen.com/english/advisories/2007/1426

www.blackhat.com/presentations/bh-dc-07/Cerrudo/Presentation/bh-dc-07-Cerrudo-ppt.pdf

6.9 Medium

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON

Related for CVE-2007-2110

prion1 nvd1 cvelist1 nessus1