CVE-2008-2607

15.07.2008, 23:41

Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_AQELM.  NOTE: the previous information was obtained from the Oracle July 2008 CPU.  Oracle has not commented on reliable researcher claims that this issue is a buffer overflow that allows attackers to cause a denial of service (database corruption) and possibly execute arbitrary code via a long argument to an unspecified procedure.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	6.5 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:S/C:P/I:P/A:P
mitre	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 87%

Vendor	Product	Version
oracle	advanced_queuing_component	*
oracle	database_9i	9.2.0.8
oracle	database_9i	9.2.0.8:dv
oracle	database_server	10.1.0.5
oracle	database_server	10.2.0.4
oracle	database_server	11.1.0.6

𝑥

= Vulnerable software versions

References

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=726

http://secunia.com/advisories/31087

http://secunia.com/advisories/31113

http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html

http://www.securitytracker.com/id?1020499

http://www.vupen.com/english/advisories/2008/2109/references

http://www.vupen.com/english/advisories/2008/2115

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=726

http://secunia.com/advisories/31087

http://secunia.com/advisories/31113

http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html

http://www.securitytracker.com/id?1020499

http://www.vupen.com/english/advisories/2008/2109/references

http://www.vupen.com/english/advisories/2008/2115