Databases : Oracle Database Server MDSYS.MD Buffer Overflows and DoS Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.802523

Categoría: Databases

Título: Oracle Database Server MDSYS.MD Buffer Overflows and DoS Vulnerabilities

Resumen: Oracle database is prone to a Buffer Overflow and denial of; service (DoS) vulnerabilities.

Descripción: Summary:
Oracle database is prone to a Buffer Overflow and denial of
service (DoS) vulnerabilities.

Vulnerability Insight:
The flaws are due to an error in 'MDSYS.MD' package that is used in the
Oracle spatial component. The package has EXECUTE permissions set to PUBLIC, so
any Oracle database user can exploit the vulnerability to execute arbitrary code.

Vulnerability Impact:
Successful exploitation allows an attacker to execute arbitrary code. It
can also be exploited to cause a Denial of Service by crashing the Oracle server process.

Affected Software/OS:
Oracle Database server versions 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4.

Solution:
Apply the patch from the referenced advisory.

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-0272
BugTraq ID: 22083
http://www.securityfocus.com/bid/22083
Bugtraq: 20070124 Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD (Google Search)
http://www.securityfocus.com/archive/1/458038/100/0/threaded
Bugtraq: 20070718 Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD (DB12) (Google Search)
http://www.securityfocus.com/archive/1/474047/100/0/threaded
Cert/CC Advisory: TA07-017A
http://www.us-cert.gov/cas/techalerts/TA07-017A.html
http://www.appsecinc.com/resources/alerts/oracle/2007-05.shtml
http://osvdb.org/32911
http://securitytracker.com/id?1017522
http://secunia.com/advisories/23794
XForce ISS Database: oracle-cpu-jan2007(31541)
https://exchange.xforce.ibmcloud.com/vulnerabilities/31541

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.802523
Categoría:	Databases
Título:	Oracle Database Server MDSYS.MD Buffer Overflows and DoS Vulnerabilities
Resumen:	Oracle database is prone to a Buffer Overflow and denial of; service (DoS) vulnerabilities.
Descripción:	Summary: Oracle database is prone to a Buffer Overflow and denial of service (DoS) vulnerabilities. Vulnerability Insight: The flaws are due to an error in 'MDSYS.MD' package that is used in the Oracle spatial component. The package has EXECUTE permissions set to PUBLIC, so any Oracle database user can exploit the vulnerability to execute arbitrary code. Vulnerability Impact: Successful exploitation allows an attacker to execute arbitrary code. It can also be exploited to cause a Denial of Service by crashing the Oracle server process. Affected Software/OS: Oracle Database server versions 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4. Solution: Apply the patch from the referenced advisory. CVSS Score: 8.5 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0272 BugTraq ID: 22083 http://www.securityfocus.com/bid/22083 Bugtraq: 20070124 Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD (Google Search) http://www.securityfocus.com/archive/1/458038/100/0/threaded Bugtraq: 20070718 Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD (DB12) (Google Search) http://www.securityfocus.com/archive/1/474047/100/0/threaded Cert/CC Advisory: TA07-017A http://www.us-cert.gov/cas/techalerts/TA07-017A.html http://www.appsecinc.com/resources/alerts/oracle/2007-05.shtml http://osvdb.org/32911 http://securitytracker.com/id?1017522 http://secunia.com/advisories/23794 XForce ISS Database: oracle-cpu-jan2007(31541) https://exchange.xforce.ibmcloud.com/vulnerabilities/31541
Copyright	Copyright (C) 2011 Greenbone AG